What Is a Timezone / IP Geolocation Mismatch?

Paste into ChatGPT, Claude, or any LLM

On this page

A timezone/IP mismatch is the inconsistency between where a browser claims to be and where its IP address actually is. Anti-bot systems read the browser timezone (via Intl.DateTimeFormat().resolvedOptions().timeZone and Date.getTimezoneOffset()), the Accept-Language header, and the GPS/geolocation claims, then compare all of them against the IP geolocation of the connection. A request from a German residential proxy that reports America/New_York and en-US is geographically incoherent and scores block-grade - this is the single most common reason proxied scrapers get caught.

Signals compared	Intl timezone, getTimezoneOffset, Accept-Language, navigator.language(s), IP geo
Why it is reliable	Real users almost always have a timezone matching their IP region
Common cause	Rotating proxy IP changes country but the browser keeps a fixed timezone
Fix	Derive timezone + locale + language from the exit IP, per session
Bonus check	WebRTC / DNS geo and Accept-Language must agree too

Everything a site can read about your location

Location leaks from many independent surfaces, and they are supposed to agree:

Browser timezone - Intl.DateTimeFormat().resolvedOptions().timeZone returns a named zone like "Europe/Berlin"; new Date().getTimezoneOffset() returns the numeric offset. Both come from the OS.
Language - navigator.language, navigator.languages, and the Accept-Language header.
IP geolocation - the server maps the connecting IP to a country/region/city via a GeoIP database (MaxMind and similar).
Geolocation API - if granted, exact GPS coordinates.
Locale-derived signals - currency, number/date formatting, and even the set of bundled fonts can hint at region.

On a real device these line up because they all trace back to where the person installed and configured their OS. A scraper assembles them from different places - a US server timezone, a default en-US locale, and a proxy IP in Brazil - and the seams show.

Why rotating proxies make it worse

The mismatch is most damaging with rotating proxies. The browser process keeps one timezone for its whole lifetime, but the exit IP may hop from Germany to Japan to Brazil across requests. Within a single session the timezone is now wrong for two of the three countries. Worse, an IP that changes country mid-session while the timezone stays fixed is itself a behaviour no real user exhibits - the inconsistency is not just static but temporal.

Anti-bot vendors specifically watch for: timezone offset that does not match IP country, Accept-Language that does not match IP country, and an IP whose country changes while client-side geo signals stay constant. Any one of these is a soft signal; two together is usually a block.

Keeping geo coherent

The fix is to derive every location signal from the exit IP, per session, rather than leaving OS defaults. That means: set the browser timezone to the IP's zone, set navigator.languages and Accept-Language to a locale plausible for that country, and if geolocation is granted, return coordinates inside the IP's region. Pin the proxy to one country for the lifetime of a session so the timezone never contradicts a later request.

Serious anti-detect browsers and managed scraping APIs automate this: they look up the proxy exit IP, then configure timezone, locale, language, and geolocation to match before the first navigation. This is exactly why frameworks warn against using a separate proxy-auth path that the fingerprint layer is unaware of - if the browser does not know the exit IP, it cannot align the timezone to it. Geo coherence is a clustering problem, not a single setting: see fingerprint clustering.

Code example

javascript

// Client signals an anti-bot script collects
const geo = {
  tz: Intl.DateTimeFormat().resolvedOptions().timeZone, // 'Europe/Berlin'
  offset: new Date().getTimezoneOffset(),               // -120 (minutes, DST-aware)
  langs: navigator.languages,                           // ['en-US','en']
  lang: navigator.language
};

// Server compares against IP geo (pseudo)
function geoCoherent(geo, ipCountry /* from MaxMind */) {
  const tzCountry = zoneToCountry(geo.tz);     // 'Europe/Berlin' -> 'DE'
  if (tzCountry !== ipCountry) return false;   // timezone vs IP
  const langCountry = (geo.lang.split('-')[1] || '').toUpperCase();
  if (langCountry && langCountry !== ipCountry) {
    // en-US on a DE IP is common for expats, so this is a soft signal,
    // but tz mismatch + lang mismatch together is block-grade.
    return 'soft';
  }
  return true;
}
// Rule of thumb: pin one country per session and derive tz+locale+lang from the exit IP.

Related terms

What Is a Rotating Proxy?

A rotating proxy is a proxy service that automatically assigns a different outbound IP address to each request, or to each new session, draw…

What Is a Residential Proxy?

A residential proxy routes your HTTP traffic through a real residential internet connection — a home broadband or fiber line — instead of th…

What Is Fingerprint Clustering?

Fingerprint clustering is the practice of grouping fingerprints from millions of real visitors by similarity, then rejecting any new visitor…

What Is Fingerprint Lie Detection?

Fingerprint lie detection is the practice of verifying that the signals a browser reports are internally consistent and untampered, rather t…

What Is Browser Fingerprinting?

Browser fingerprinting is a technique that identifies and tracks a visitor by combining dozens of small, observable characteristics of their…

What Is Proxy Web Scraping?

Proxy web scraping is the practice of routing scraper traffic through proxy servers — intermediate machines that forward requests on your be…

What Is Anti-Bot Detection?

Anti-bot detection is the set of techniques websites use to distinguish automated traffic from human users — and to block, challenge, or thr…

What Is Headless Browser Detection?

Headless browser detection is the set of probes anti-bot systems use to distinguish a headless or instrumented Chrome session from a real us…

What Is Browser Fingerprinting Evasion?

Browser fingerprinting evasion is the practice of configuring an automated browser so that the combined fingerprint it presents — canvas, We…

Anti-Bot Vendor Detection Cheatsheet

The first step of any scrape against a protected site is identifying which anti-bot vendor is in front of it. The vendor determines almost e…

How Do Websites Detect Web Scrapers?

Websites detect scrapers by collecting hundreds of signals across the network, transport, browser, and behavioral layers, then scoring the c…

What Is a DNS Leak?

A DNS leak is when a client resolves hostnames through its own DNS resolver instead of through the proxy, revealing the real network behind …

Concept map

How Timezone / IP Mismatch connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections

You are here · Anti-Bot

Tools & solutions for this topic

Frequently asked questions

How strong a signal is a timezone/IP mismatch on its own?

Strong. Real users overwhelmingly have a browser timezone matching their IP region. A clear mismatch (timezone country != IP country) is enough for a soft block at most vendors and a hard block when combined with any other anomaly. It is cheap to compute server-side, so nearly every anti-bot system checks it.

What about expats and travellers whose language does not match their IP?

That is why Accept-Language mismatch alone is treated as a soft signal - en-US on a German IP is plausible. But the timezone almost always still matches the IP for those users, because the OS timezone follows where they physically are. Timezone mismatch is the harder signal; language mismatch is corroborating.

How do I keep timezone and IP consistent with rotating proxies?

Pin a session to one proxy exit country instead of rotating mid-session, look up the exit IP, and set the browser timezone, languages, and (if used) geolocation to match that country before navigating. Tools that handle this automatically read the exit IP first, then configure the fingerprint - which is why a proxy the browser is not aware of breaks the alignment.

Last updated: 2026-05-30