I just started learning web automation and I’m using Camoufox which wraps around Playwright with Firefox for stealth browsing. Even though I set up everything according to the docs, DataDome keeps flagging my scripts when I test them.
Here’s what I’m running:
from camoufox.sync_api import Camoufox
from browserforge.fingerprints import Screen
import time
screen_settings = Screen(max_width=1366, max_height=768)
browser_options = {
"headless": "virtual",
"geoip": True,
"screen": screen_settings,
"humanize": True,
"enable_cache": True,
"locale": "en-US",
}
with Camoufox(**browser_options) as driver:
tab = driver.new_page()
tab.goto("https://datadome.co/anti-detect-tools/browserscan/")
tab.wait_for_load_state(state="domcontentloaded")
tab.wait_for_load_state('networkidle')
tab.wait_for_timeout(30000)
tab.screenshot(path="result.png", full_page=True)
print("Finished")
I turned on virtual headless mode and all the anti-detection features like humanize and geoip, but DataDome still catches it.
What I want to know:
What browser fingerprints am I probably missing?
Anyone here successfully got past DataDome with Camoufox lately?
Should I be manually faking WebGL, canvas, or audio fingerprints too?
I’m new to this and trying to learn how bot detection works and how to do automation properly without getting instant blocks.
Any tips or working configs would be awesome!
Extra details: Running this on a headless Linux server.
DataDome’s gotten way more sophisticated lately - they’re looking at way more than just browser fingerprints now. That 30-second static timeout in your script? Dead giveaway. Real users don’t wait exactly 30 seconds before taking screenshots. I’ve had better luck with Camoufox by throwing in random delays and actually simulating user behavior - mouse movements, scrolling, stuff like that before doing anything important. The humanize flag helps but it’s not nearly enough by itself. Also, DataDome keeps lists of known automation signatures. Even if your fingerprinting’s perfect, they might be catching Camoufox-specific patterns in how it handles browser APIs. I started rotating between different tools and that definitely helped drop my detection rates. Your code structure’s solid, but you need to work on making the behavior patterns more realistic.
Your headless Linux server is part of the problem. DataDome looks at system-level stuff - headless environments have different GPU drivers, missing audio devices, and other dead giveaways that you’re running automation. I hit the same wall when I moved my scripts from Windows desktop to a VPS.
Bigger issue though - you’re testing directly on DataDome’s detection page. That’s basically their honeypot built to catch bots. It’s probably their most aggressive endpoint. Test your setup on normal websites first to see if it actually works before hitting their scanner.
For your server, try using a desktop environment with real GPU acceleration instead of bare headless. Camoufox’s virtual headless mode helps but can’t fully fake the hardware signatures DataDome’s checking for.
DataDome’s gotten really aggressive lately - even residential proxies get caught sometimes. I see you’re using BrowserForge for screen settings but leaving everything else default. Mix up your user agent rotation and timezone settings too. That geoip flag might actually hurt you if your server location doesn’t match what DataDome expects. Try disabling it and see if that helps.