Open source Runs locally

Bot Detector — see what a page is running

A free, open-source Chrome extension that inspects any page and reports the bot-management, verification, and browser-fingerprinting technologies it uses — each with a confidence score. A read-only diagnostic: it analyses the signals already on the page and sends nothing anywhere.

MIT licensed · no account · no telemetry

Detection report

example output · v1.0.0

Bot management95% confidence
CDN protectionvia cookie · script
Verification90% confidence
Checkbox CAPTCHAvia DOM · window
Fingerprinting3 APIs read
CanvasWebGLAudio
What it is

Know what's on the page first

Modern sites layer CDN rules, bot-management services, and fingerprinting APIs. Whether you're debugging automation you're authorised to run, auditing a site you own, or checking what's tracking you, it helps to know exactly what's deployed.

Bot Detector reads the signals already present on a page — cookies, script URLs, DOM nodes, global objects, JS API calls, and response headers — and maps them to known technology categories, each with a confidence score.

It's read-only and fully local. Nothing is sent to a server, the code is open and auditable, and there's no account to create.

Scope before you build

See which systems a page runs up front, so authorised automation is planned, not guessed at.

Audit a site's posture

Inventory the protection layers on a site you own or test, and confirm they're configured as expected.

See your fingerprint surface

Find out which browser APIs a page reads to identify you, and understand your tracking exposure.

What it recognises

Three categories of page technology, reported by type — never named as targets.

Bot-management systems

16 types

Server- and edge-side systems that classify automated traffic. The extension reports which category of system is present, based on the signals it leaves on the page.

CDN protectionBot managementBehavioural analysisEnterprise WAFSecurity tokensRate limitingDevice fingerprintingCloud WAFEdge securityDDoS protectionBot detectionThreat intelligenceAI scoringTraffic analysisSession validationChallenge systems
How it works

Six signal sources, one report

Detection is fully transparent: each technology is matched from observable page signals, and the more sources agree, the higher the confidence score.

Cookies

Reads cookies set by protection and verification services.

security tokens, session cookies, challenge cookies

Script URLs

Spots the JavaScript files a page loads from known technology categories.

challenge scripts, verification widgets, telemetry

DOM elements

Scans for challenge containers and verification iframes in the page.

grecaptcha, h-captcha, turnstile-widget

Window objects

Inspects global JavaScript variables that frameworks expose.

window.grecaptcha, window._cf_chl_opt

JS API hooks

Observes Canvas, WebGL and Audio API calls used for fingerprinting.

canvas.toDataURL(), gl.getParameter()

Response headers

Parses HTTP response headers that hint at the technology in front of a site.

server, cf-ray, set-cookie, x-* security headers
Features

Built for developers

Fast, private, and scriptable — the kind of tool you leave pinned to your toolbar.

Real-time detection

Reports the bot-management, verification, and fingerprinting technologies on a page the moment you open it. No setup, no account.

45+ detection patterns

Confidence scoring

Every detection carries a confidence score derived from how many independent signals matched — so you can tell a strong match from a guess.

Multi-signal scoring

Fingerprint surface map

Lists which browser APIs a page reads to build a device signature, from Canvas to WebRTC, so you can see your exposure at a glance.

21 fingerprint sources

Runs 100% locally

All analysis happens in your browser. No external API calls, no telemetry, no data collection — and no measurable page slowdown.

Zero network calls

Configurable

Toggle fingerprint detection, tune cache duration, and turn auto-scanning on or off to fit how you work.

Full control

Exportable reports

Copy a structured detection report to your clipboard in one click — handy for tickets, audits, and sharing findings with your team.

One-click export

Install from source

Five steps, about two minutes. No store listing, no account.

1

Clone the repo

Download or git clone the open-source repository to your machine.

2

Open chrome://extensions

Paste chrome://extensions into your address bar.

3

Enable Developer mode

Flip the Developer mode switch in the top-right corner.

4

Load unpacked

Click "Load unpacked" and select the extension folder.

5

Open it on any page

Click the extension icon to see the technologies detected on the current tab.

Add your own detector

A detector is a single JSON file — extend the catalogue without touching code:

{
  "detector": {
    "id": "my-detector",
    "label": "My Technology",
    "active": true,
    "type": "antibot"
  },
  "meta": {
    "icon": "vendor-default.png",
    "color": "#14B8A6"
  },
  "patterns": {
    "cookies": [
      {
        "match": "my_cookie",
        "score": 90
      }
    ],
    "urls": [
      {
        "match": "vendor-script.js",
        "score": 85
      }
    ]
  }
}

drop into detectors/antibot/, detectors/captcha/ or detectors/fingerprint/

"Best and most reliable service for scraping websites"
What Is
Verified

Who it's for

Developers, security researchers, and privacy-minded engineers.

Development & debugging

See which verification and CDN systems a page runs before you write or debug automation you are authorised to operate. Stop guessing why a request behaves differently from one site to the next.

Scope a new integrationDiagnose flaky requestsPlan request strategy
Less trial and error

Security auditing

Inventory the protection layers deployed on a site you own or are testing, and confirm they are configured the way you expect.

Posture reviewsConfig checksPen-test recon
Complete visibility

Privacy research

Find out how a page tracks you. The extension surfaces every fingerprinting API a site reads to identify your browser.

Privacy auditsTracking researchExposure analysis
Know your footprint

Technology auditing

Build a quick inventory of the protection and tracking stack a site uses — useful for due diligence, vendor research, and teaching how the modern web defends itself.

Stack inventoryVendor due diligenceEducation
Understand the stack

Open source, free forever

Bot Detector is MIT-licensed and fully auditable. Star it, open an issue, add a detector, or fork it for your own projects — the catalogue grows with the community.

footer-frame

Start building with Scrappey

Try It For Free. No Subscription Required. No Credit Card Required. Instant Set-Up. Your Free Trial Is Waiting For You!

Frequently asked questions

What is Scrappey.com?

Scrappey.com is a web scraping API that handles all the complex aspects of web scraping, such as handling dynamic content, rotating proxies, advanced request handling, headless browsers, and verification processing. It offers an all-in-one solution for extracting publicly available data from websites.

How does Scrappey.com work?

Scrappey.com provides a web scraping API that allows you to send requests to extract publicly available data from websites. It handles dynamic content and modern website complexity, including rotating proxies, advanced request handling, and verification processing. You can easily extract publicly available data from websites using their built-in features like headless browsers and AI-powered data extraction.

Can I customize the proxies used for scraping?

Yes, with Scrappey.com, you have the option to use Sticky Rotating Proxies for seamless scraping. Alternatively, you can also set your own proxies if desired.

Is there a free trial available?

Yes, Scrappey.com offers a free trial where you can try it out without a subscription or credit card. Instant setup is provided, so you can explore the full capabilities of the platform right away.

What happens if a request fails?

We only charge for successful requests. Failed requests are not counted towards your usage, so you only pay for what works.

I need to scroll or click on a button on the page I want to scrape

No problem, you can pass any JavaScript snippet that needs to be executed by using our JavaScript scenario parameter. This allows you to interact with dynamic content, scroll pages, click buttons, wait for elements, and perform any custom JavaScript actions before extracting the data.

What is the pricing structure for Scrappey.com?

Scrappey.com offers simple and transparent pricing: €0.10 per 1,000 direct HTTP requests and €1.00 per 1,000 full-browser requests. Residential proxies are included on both tiers — no separate proxy billing, no hidden fees, no complicated pricing tiers. You only pay for successful requests.

Are there any usage restrictions or limitations?

Scrappey.com provides scalable access for extracting publicly available data. Whether you need to extract data from a few pages or a large dataset of publicly accessible content, you can do so with flexible usage options. Please note that Scrappey.com only supports scraping publicly available data, and users must comply with applicable laws and website terms of service.

What support channels are available?

Scrappey.com provides various support channels for assistance. You can refer to their documentation, frequently asked questions section, blog, and uptime status page. Additionally, you can get in touch with them via email or join their Discord community for further support.

I'm not a developer, can you create custom scraping scripts for me?

We don't create custom scraping scripts, however we will gladly write some code snippets helping you to use our most powerful features: AI-powered data extraction and JavaScript scenario. Our documentation includes examples in multiple programming languages to get you started quickly.

What is a request and how are they counted?

Each API call to Scrappey counts as one request. Our pricing is based on successful requests. By default, JavaScript rendering is enabled, which allows you to extract data from modern websites with dynamic content. All features including proxies, challenge handling, and reliable web access handling are included in each request.

How fast is Scrappey's API and what if a site is hard to scrape?

Scrappey's API is optimized for fast response time, even when working with JavaScript-heavy websites and browser verification flows, where access is authorized. If other tools struggle with sites that use browser verification, Scrappey is designed to handle these workflows efficiently, ensuring reliable data retrieval. Our reliable web access handling, residential proxies, and intelligent retry logic work together to maximize success rates.