Request Context Fingerprinting. Detects browser-impersonating bots by analyzing whether HTTP request context is logically valid. No JavaScript fingerprinting needed. Open specification: github.com/rozetyp/rq4
v (valid), x (impossible - no real browser produces this), or - (no headers to evaluate).curl -X POST 'https://rq4.dev/demo/replay' \ -H 'Cookie: rq4s_demo=18a0a91dba4beb063e9e20030d5d4161' \ -H 'Sec-Fetch-Mode: cors' \ -H 'Sec-Fetch-Dest: document' \ -H 'Sec-Fetch-Site: same-origin' \ -H 'Sec-Fetch-User: ?1' \ -H 'Upgrade-Insecure-Requests: 1' \ -H 'Accept: text/html,application/xhtml+xml' \ -H 'Sec-CH-UA: "Chromium";v="131"' \ -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36'
xxvx. RQ4-S will see this is the first impossible request on a previously-clean session and flag it.rq4s_demo cookie is RQ4-fingerprinted (Mode/Upgrade/Identity/Transfer dimensions).{clean: bool, count: int, flaggedAt?: int}.We publish on request fingerprinting, browser bot detection, and running it in production. Drop your email for new posts.
Read recent posts →