What Is Camoufox?

Camoufox is a fork of Firefox with anti-fingerprinting patches applied at the C++ build level. That phrase matters: most anti-fingerprinting tools, like playwright-stealth, change the browser by injecting JavaScript while it runs. Anti-bot systems can spot that injected code by inspecting it with Function.toString(). Camoufox instead bakes its changes into the browser binary when it is compiled, so there is nothing in the JavaScript runtime left to inspect. It is also driven by Mozilla's Juggler protocol (the remote-control channel for Firefox), which sits below CDP — the Chrome DevTools Protocol used to automate Chromium. Because of that, none of the CDP timing artifacts that give away Chromium-based stealth tools are present.

Quick facts

Base browser: Firefox (C++ build-time patches)
Control protocol: Mozilla Juggler — no CDP exposure
Reported compatibility: High on anti-bot-protected sites (major social & community sites — early 2026)
Key feature: geoip=True aligns WebRTC + DNS + timezone + Accept-Language
Fingerprint source: BrowserForge — samples real-world device distributions
Memory footprint: <200 MB per instance (vs Chrome ~800 MB)
Positioning: Debloated, headless-first browser built for AI agents

Why Camoufox exists

Modern anti-bots have a simple trick: they run Function.prototype.toString.call(fn) on browser functions to read the source code behind them. A genuine built-in function returns [native code]. If it returns anything else, the function has been tampered with — and the tampering itself becomes the bot signal. This breaks playwright-stealth completely: every value it overrides (navigator.webdriver, WebGLRenderingContext.prototype.getParameter, etc.) leaves a visible JavaScript source signature that toString exposes.

Camoufox changes the same things — canvas hash, WebGL renderer, AudioContext output, navigator quirks — but does it in C++ when the browser is built. The functions still return [native code] because they genuinely are native code. With no JavaScript injected, there is nothing for runtime inspection to catch.
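
The toString check described above, written as detection-side code. This is an added example, not code from Camoufox or from any anti-bot vendor; the function names and the stand-in objects in `sampleTargets` are constructed for illustration. It flags JavaScript-level overrides only, which is why, as this section notes, build-level changes pass it.

```javascript
// Added example: audit built-ins for JavaScript-level overrides.
// The intrinsic is captured once at load time; the audit never calls fn.toString().
const intrinsicToString = Function.prototype.toString;

// Matches "function max() { [native code] }" and "function get size() { [native code] }",
// with either V8 or Firefox whitespace.
const NATIVE_SOURCE = /^function\s+[\w$ ]*\(\)\s*\{\s*\[native code\]\s*\}$/;

function reportsNativeSource(fn) {
  return typeof fn === "function" && NATIVE_SOURCE.test(intrinsicToString.call(fn));
}

// Resolve the function behind owner[prop]: a method value, or the getter of an accessor.
function resolveFunction(owner, prop) {
  const d = Object.getOwnPropertyDescriptor(owner, prop);
  if (!d) return undefined;
  return typeof d.get === "function" ? d.get : d.value;
}

// Returns the labels of targets that are missing or whose source is not "[native code]".
function auditTargets(targets) {
  const flagged = [];
  for (const { label, owner, prop } of targets) {
    if (!reportsNativeSource(resolveFunction(owner, prop))) flagged.push(label);
  }
  return flagged;
}

// Constructed sample: stand-ins for Navigator.prototype and the WebGL prototype so the
// audit runs outside a browser. "Clean" reuses real native functions; "patched" mimics
// a runtime override of the two values the page names.
function sampleTargets(patched) {
  const nav = {};
  Object.defineProperty(nav, "webdriver", {
    get: patched ? () => false : Object.getOwnPropertyDescriptor(Map.prototype, "size").get,
  });
  const gl = { getParameter: patched ? function getParameter(p) { return "vendor"; } : Math.max };
  return [
    { label: "navigator.webdriver", owner: nav, prop: "webdriver" },
    { label: "WebGLRenderingContext.prototype.getParameter", owner: gl, prop: "getParameter" },
  ];
}
```

In a browser, the same audit would be pointed at `Navigator.prototype` and `WebGLRenderingContext.prototype` instead of the stand-ins.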

The geoip flag

Anti-bots check whether five identity clues all agree: the IP's country, the WebRTC ICE candidate (the network address the browser reveals when setting up peer connections), the DNS resolver's location, the timezone, and the Accept-Language header. If a US proxy is paired with a Pakistani DNS resolver, the request fails this coherence check before the browser fingerprint even gets looked at.

Camoufox's geoip=True automatically lines up all five clues with the proxy's exit country. It looks up the proxy IP, finds its country, and configures the browser to match — no manual setup. This one feature covers the detection layer that scrapers most often forget.
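
The five-signal coherence check described above, written as server-side detection logic. This is an added example, not code from the page or from any anti-bot product; the field names, the small timezone table, and both sample sessions are constructed, and the country codes are assumed to come from whatever GeoIP source the defender already uses.

```javascript
// Constructed lookup: IANA timezone -> ISO country code (a deployment would use the tzdata zone table).
const TZ_COUNTRY = {
  "America/New_York": "US", "America/Chicago": "US",
  "Asia/Karachi": "PK", "Europe/Berlin": "DE",
};

// Parse Accept-Language into region codes, highest q-value first.
function languageRegions(header) {
  return header.split(",")
    .map((part) => {
      const [tag, ...params] = part.trim().split(";");
      const q = params.map((p) => p.trim()).find((p) => p.startsWith("q="));
      return { tag: tag.trim(), q: q ? parseFloat(q.slice(2)) : 1 };
    })
    .filter((e) => e.tag && e.q > 0)
    .sort((a, b) => b.q - a.q)
    .map((e) => (e.tag.split("-")[1] || "").toUpperCase())
    .filter(Boolean);
}

// Compare each signal against the IP's country; return the names of those that disagree.
// Signals that are absent or unmapped are skipped rather than counted as mismatches.
function coherenceMismatches(s) {
  const expected = s.ipCountry;
  const out = [];
  if (s.webrtcCountry && s.webrtcCountry !== expected) out.push("webrtc");
  if (s.dnsCountry && s.dnsCountry !== expected) out.push("dns");
  const tz = TZ_COUNTRY[s.timezone];
  if (tz && tz !== expected) out.push("timezone");
  const regions = languageRegions(s.acceptLanguage || "");
  // Weak signal on its own: travellers and expatriates legitimately differ here.
  if (regions.length && !regions.includes(expected)) out.push("accept-language");
  return out;
}

// Constructed samples: a coherent US session, and the page's US-proxy / Pakistani-resolver case.
const SAMPLE_COHERENT = { ipCountry: "US", webrtcCountry: "US", dnsCountry: "US",
  timezone: "America/Chicago", acceptLanguage: "en-US,en;q=0.9" };
const SAMPLE_PAGE_CASE = { ipCountry: "US", webrtcCountry: "US", dnsCountry: "PK",
  timezone: "America/New_York", acceptLanguage: "en-US,en;q=0.9" };
```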

Trade-offs vs alternatives

vs playwright-stealth: Camoufox defends at a layer that JavaScript patches simply cannot reach. playwright-stealth is largely broken against modern anti-bots in 2026.

vs CloakBrowser (Chromium): Camoufox is built on Firefox; CloakBrowser is built on Chromium. Chromium has roughly 65% of the browser market versus Firefox's ~3%, so for sites that weigh browser popularity, CloakBrowser blends in better. CloakBrowser also passes a major anti-bot's 60-extension probe by loading real extensions — something Camoufox does not handle as natively.

vs real Chrome: a real Chrome on real hardware is the gold standard, but it cannot scale to thousands of parallel sessions. Camoufox is the best headless option that still looks like a real browser.

What Camoufox patches at the C++ level

Camoufox goes far beyond hiding navigator.webdriver. Because everything is compiled into the binary, each of these returns a native value with no JavaScript source signature to inspect:

  • Navigator — device, OS, hardware concurrency, platform, vendor, and the full UA string
  • Screen & viewport — resolution, available dimensions, color depth, device pixel ratio
  • Canvas & WebGL — canvas hash, WebGL renderer/vendor, supported extensions, context attributes, and shader precision values
  • Audio — AudioContext output and speech playback-rate parameters
  • Fonts — the installed-font list, spoofed to match the target OS profile
  • Geolocation & Intl — latitude/longitude, timezone, locale, and Intl formatting
  • WebRTC — local and public ICE candidate IPs, spoofed at the protocol level rather than blocked

Fingerprint injection and rotation

Camoufox does not hand out a single hard-coded fingerprint to every session. It uses BrowserForge, which samples how device characteristics are actually distributed in the real world, so every generated profile holds together and looks plausible: the screen size fits the device class, the WebGL renderer fits the platform, the fonts fit the OS. You can let it auto-generate a profile, pin a specific one so a session keeps the same identity, or supply your own through the fingerprint argument. The PyPI package wires up the injection for you, so rotating identity across thousands of sessions is a config change rather than a rebuild.

Built for AI agents

Camoufox bills itself as an open-source browser built for AI agents, and the build shows it. It is a debloated Firefox — telemetry and background services stripped out — that runs headless-first and is tuned for a cleaner DOM, with no CSS-animation or telemetry noise. A cleaner page is cheaper for an LLM (large language model) to read and reason over. Add the sub-200 MB footprint and you can run many parallel agent sessions on modest hardware. The project stays in sync with the latest Firefox releases, and its source has been public since the v146.0.1-beta.25 release in January 2026.

Code example

```python
from camoufox.sync_api import Camoufox

with Camoufox(
    headless=True,
    geoip=True,                # auto-align WebRTC, DNS, timezone, Accept-Language
    os=["windows", "macos"],   # BrowserForge samples a plausible profile from these
    locale="en-US",            # locale + Intl spoofing
    proxy={
        "server": "http://residential-proxy:port",
        "username": "user",
        "password": "pass",
    },
    humanize=True,             # realistic mouse and scroll cadence
    block_webrtc=False,        # spoofs ICE IPs instead of blocking (less detectable)
    block_images=False,        # block_images=True trips some detectors
) as browser:
    page = browser.new_page()
    page.goto("https://cloudflare-protected.com/")
    page.wait_for_load_state("networkidle")
    html = page.content()
```

Frequently asked questions

Is Camoufox open source?

Yes. Camoufox is open source, built as C++ patches layered on top of Firefox. The project ships pre-built binaries plus a Python API (with both sync and async styles) that works much like Playwright.

Why Firefox and not Chrome?

Firefox is automated through Mozilla's Juggler protocol, which sits below CDP (the Chrome DevTools Protocol). CDP itself leaks tell-tale signals — Runtime.enable timing, execution-context artifacts, binding exposure — that give away Chromium-based stealth tools. Firefox plus Juggler sidesteps all of them, simply because those signals do not exist in the protocol.

Does Camoufox handle CAPTCHAs?

Not directly — Camoufox does not deal with CAPTCHAs itself. But because Camoufox presents a real, consistent fingerprint, the suspicious context that usually triggers CAPTCHAs is reduced, so they show up less often. If one still appears, you would handle it separately.

How does this compare to playwright-stealth?

playwright-stealth patches detection points in JavaScript while the browser runs, which can be spotted via Function.toString(). Camoufox patches the same points in C++ when the browser is built, leaving no runtime signatures. That architectural difference is the whole point: most JS-level stealth is broken in 2026, while build-level patches are the current state of the art.

Where do Camoufox's fingerprints come from?

From BrowserForge, which samples real-world device-characteristic distributions to build internally consistent profiles — the screen size, WebGL renderer, fonts, and navigator properties all agree with each other and match real traffic. You can auto-generate a profile, pin one to keep a session's identity stable, or supply your own through the fingerprint argument.

Can Camoufox rotate fingerprints across many sessions?

Yes. The PyPI package automatically injects a fresh, internally consistent fingerprint into each browser instance, so rotating identity across thousands of parallel sessions is a config change rather than a rebuild. You can narrow the pool with options like os=["windows", "macos"] and locale to keep profiles plausible for your targets.

How much memory does Camoufox use?

Under 200 MB per instance, versus roughly 800 MB for Chrome. It is a debloated, headless-first Firefox with telemetry and background services stripped out, which is exactly what makes it practical to run many parallel agent or scraping sessions on modest hardware.

Does Camoufox block WebRTC to prevent IP leaks?

It can, but the default and recommended approach is to spoof the WebRTC ICE candidates at the protocol level so they match the proxy's exit IP. Blocking WebRTC outright is itself a detectable signal; spoofing keeps things looking like a normal browser while still stopping the real local and public IP from leaking.

Last updated: 2026-05-31