आपका स्टेल्थ सेटअप बार-बार क्यों डिटेक्ट हो रहा है

You bought the anti-detect browser. You configured the proxies. You spoofed the fingerprints. And you're still getting accounts flagged within 48 hours.

The problem is almost never the tools. It's the configuration. After auditing hundreds of stealth setups for clients, we've identified twelve mistakes that account for 95% of detection failures. Most of them are embarrassingly simple — and that's exactly why they persist.

The Detection Arms Race

Detection has evolved in three distinct waves:

Wave 1 (2015-2018): IP and cookies. Platforms checked your IP address and cookies. Use a different IP with fresh cookies and you looked like a new user. Anti-detect wasn't even necessary.

Wave 2 (2018-2022): Fingerprinting. Platforms started collecting browser fingerprints — canvas, WebGL, audio, fonts, navigator properties. Matching fingerprints across sessions linked accounts regardless of IP or cookies. Anti-detect browsers emerged to address this.

Wave 3 (2022-present): Behavioral + ML. Modern detection combines fingerprinting with behavioral biometrics, session analysis, and machine learning models that identify patterns invisible to rule-based systems. The fingerprint doesn't need to be wrong — the behavior surrounding it does.

Your setup needs to survive all three waves simultaneously. Most failures happen because operators address Wave 2 (fingerprint spoofing) while ignoring Waves 1 and 3.

The Twelve Common Mistakes

1. Timezone-Locale-IP Mismatch

The most common mistake. Your proxy is in Germany, but your browser reports America/New_York timezone and en-US language. Any detection system that cross-references these three signals — and all major ones do — flags this instantly.

Fix: Configure timezone, language, and Accept-Language headers to match the proxy's geographic location. Use a reliable geo-IP database to verify the proxy's actual location, not just the provider's label.

2. WebRTC IP Leaks

WebRTC can expose your real IP address even when routing through a proxy. The STUN request to discover your public IP bypasses the proxy and reveals the IP of your actual network interface.

Fix: Either disable WebRTC completely in the browser profile or configure it to route STUN requests through the proxy. Test with BrowserLeaks WebRTC test after configuration — every time.

3. Canvas Noise Inconsistency

Basic canvas spoofing adds random noise to each render. But real hardware produces identical canvas output on every render. If detection runs the canvas test twice in the same session and gets different results, that's definitive proof of spoofing.

Fix: Use anti-detect browsers that apply deterministic noise — the same spoofed output every time, derived from the profile's hardware parameters rather than random generation. Multilogin does this correctly; many others don't.

4. Font Enumeration Mismatch

Your profile claims to be macOS, but the font list includes Segoe UI, Calibri, and other Windows-exclusive fonts. Or it claims Windows but lists San Francisco and Helvetica Neue.

Fix: Configure font lists that match the reported operating system. Maintain a reference database of default fonts per OS version and only include fonts that would exist on that platform.

5. Screen Resolution Inconsistency

The profile reports a 4K resolution (3840×2160) but the browser window is 1366×768. Or the reported screen resolution doesn't match any real device — 1920×1081 instead of 1920×1080.

Fix: Set screen resolution to common values that match real hardware. Ensure screen.width, screen.height, screen.availWidth, screen.availHeight, and window.outerWidth/outerHeight are internally consistent.

6. Navigator Properties Don't Match User-Agent

The user-agent says Chrome 120 on Windows 11, but navigator.platform returns "MacIntel" or navigator.hardwareConcurrency returns a value that doesn't match the claimed hardware.

Fix: Audit every navigator property against the claimed user-agent. Key properties: platform, hardwareConcurrency, deviceMemory, maxTouchPoints, vendor, and languages. All must be internally consistent.

7. DNS Leaks

Your browser traffic routes through the proxy, but DNS queries go directly to your system resolver. The target platform can't see your DNS queries directly, but DNS-based detection services can identify your real DNS resolver, revealing your true network.

Fix: Force DNS resolution through the proxy connection. Use DNS-over-HTTPS (DoH) or DNS-over-TLS (DoT) through the proxy. Verify with DNS leak test tools.

8. HTTP/2 and TLS Fingerprint Mismatch

Your browser claims to be Chrome but its TLS ClientHello fingerprint doesn't match Chrome's known JA3/JA4 hash. Or the HTTP/2 SETTINGS frame uses values that don't match the claimed browser.

Fix: Use anti-detect browsers that modify the TLS stack to match the spoofed browser identity. Most don't — this is one of the hardest vectors to address because it requires changes below the application layer.

9. Plugin and Extension Leaks

Browser extensions modify the DOM, inject CSS, or create detectable side effects. Even without directly exposing the extension list, detection can identify extensions by checking for specific DOM modifications, CSS rules, or JavaScript objects they create.

Fix: Run clean profiles with zero extensions. If extensions are required, audit each one for DOM modifications and ensure they don't conflict with the profile's cover story.

10. Inconsistent Hardware Acceleration

WebGL reports a specific GPU (Intel UHD 630) but the canvas rendering performance doesn't match that GPU's capabilities. Or the GPU claims to support features that the reported GPU doesn't actually support.

Fix: Match WebGL renderer strings to GPUs that actually exist, and ensure performance characteristics are plausible. Don't claim a high-end NVIDIA GPU if your canvas rendering speed is characteristic of integrated graphics.

11. Automation Artifacts

CDP (Chrome DevTools Protocol) artifacts, navigator.webdriver flags, and Puppeteer/Playwright injection traces remain in the browser environment even when not actively automating.

Fix: If automating, use stealth plugins (puppeteer-extra-plugin-stealth) and verify no automation artifacts are detectable. If not automating, ensure the anti-detect browser hasn't left debugging tools enabled. See our automation detection guide.

12. Session Behavior Patterns

All of the above can be perfect, and you still get detected because every profile visits the same sequence of pages, at the same time of day, with the same interaction patterns. Machine learning models detect behavioral similarity across profiles even with unique fingerprints.

Fix: Vary session behavior across profiles. Different entry points, different navigation patterns, different session durations. This is the hardest mistake to fix because it requires operational discipline, not just technical configuration.

Consistency Is Everything

Here's the counterintuitive truth about stealth configuration: a completely unmodified browser fingerprint is less suspicious than a spoofed fingerprint with internal contradictions.

Detection systems aren't just looking for specific values — they're looking for impossible combinations. A browser that reports Chrome 120 on Windows 11 with an Intel GPU, matching fonts, consistent timezone, and proper TLS fingerprint is invisible. A browser that reports Chrome 120 on Windows 11 with macOS fonts, a mismatched timezone, and a Python TLS fingerprint is an obvious fake.

The goal isn't to have a "unique" fingerprint. It's to have a fingerprint that's boring — one that matches millions of real devices and contains zero internal contradictions.

Testing Your Setup Before Going Live

Never go live without testing. Here's the testing protocol we use:

Automated checks:

1. CreepJS — tests for fingerprint lies and inconsistencies
2. BrowserLeaks — systematic vector-by-vector analysis
3. Pixelscan — anti-detect-specific detection
4. IPHey — IP quality and proxy detection
5. DNS leak test — verify DNS resolution routing

Manual checks:

1. Open browser DevTools console. Check navigator.webdriver, navigator.plugins, navigator.languages manually.
2. Run Intl.DateTimeFormat().resolvedOptions().timeZone and verify it matches the proxy location.
3. Load a WebGL report page and verify the renderer matches the profile's claimed hardware.
4. Test WebRTC by visiting a WebRTC test page — verify no IP leaks.

Platform-specific checks:

1. Create a throwaway account on your target platform and monitor for 72 hours before using the profile for anything valuable.
2. Check for CAPTCHAs, verification prompts, or unusual friction during account creation — these indicate detection signals.

Run this protocol after every configuration change. One overlooked parameter change can compromise an entire profile set.

FAQ

Do detection systems share data between platforms? Some do. Anti-fraud services like SEON, Sift, and LexisNexis ThreatMetrix operate across platforms. A fingerprint flagged on one client platform may be flagged on another if they share the same anti-fraud provider. This is why the same stealth setup can fail on seemingly unrelated platforms.

How quickly do platforms update their detection? Major platforms update weekly to monthly. Social media platforms (Meta, Google) update fastest. E-commerce platforms (Amazon, eBay) update monthly. Smaller platforms may update quarterly. After a major anti-detect browser update, there's usually a 2-4 week window before platforms adapt.

Is mobile detection different from desktop? Yes, significantly. Mobile detection includes vectors that don't exist on desktop: accelerometer data, battery API, touch event characteristics, and cellular network signals. Most desktop anti-detect browsers emulating mobile devices fail on these mobile-specific vectors. See mobile fingerprinting.

Can I automate consistency checking? Yes. Build a pre-launch validation script that checks every profile against your consistency requirements before allowing it to go live. This catches configuration drift, provider changes that affect IP geolocation, and profile corruption. We run automated consistency checks every 6 hours on active profiles.