Skip to main content
Network status
Log in
Piloterr
Back to blog
June 21, 2026

hellojs vs undici: why your Node scraper gets blocked on JA4

If you scrape with Node.js using undici, axios, or node-fetch, anti-bot systems can often block you even when your User-Agent looks exactly like Chrome. The reason is not the header: it is the TLS and HTTP/2 fingerprint emitted during the handshake.

What leaks in a typical Node client

Capture a real Chrome session on tls.peet.ws and compare it to Node's default stack. Chrome on macOS often shows values like:

  • JA4 like t13d1516h2_8daaf6152771_d8a2da3f94cd (see JA4+ spec)
  • HTTP/2 Akamai settings in Chrome order with WINDOW_UPDATE +15663105
  • ALPS, GREASE, and hybrid X25519MLKEM768 key shares

Node's native TLS stack orders ciphers for OpenSSL defaults, skips GREASE, and sends HTTP/2 SETTINGS in a different shape. Bot managers (Cloudflare, Akamai, DataDome, PerimeterX) fingerprint this before your first HTTP byte.

hellojs: Chrome-shaped TLS from Node

@unreleased/hellojs is a Node HTTP client that rebuilds the on-the-wire handshake to match Chrome 147 on macOS: JA4, Akamai H2, ALPN, and default header ordering. It also supports:

  • Cloning captures from tls.peet.ws via profiles.registerFromPeet()
  • HTTP/3 via Alt-Svc upgrade
  • SOCKS5 and HTTP CONNECT proxies

It does not run in the browser: use it in your scraper runtime, not in front-end code.

For TLS impersonation in other runtimes, see curl-impersonate (Python/C) or uTLS (Go).

Inspect fingerprints without guessing

Use these free Piloterr toolbox tools (browser-only):

When TLS mimicry is not enough

TLS fingerprinting is one layer. Sites also check browser runtime signals (canvas, WebGL, navigator.webdriver), IP reputation, and behavior. For production scraping at scale, combine:

  1. Realistic TLS/H2: dedicated impersonation clients (curl-impersonate, uTLS, reqwest-impersonate, etc.), or Piloterr articles on hellojs and wreq
  2. Consistent headers: Chrome Request Headers Builder
  3. Managed proxies and browser automation when needed: Piloterr Web Scraping API

Further reading

More to read

Guides and news about web scraping, proxies, and data extraction.

View all articles
Fingerprint

RNet : Ultra-Fast Python HTTP Client with Advanced TLS Fingerprinting

RNet: Ultra-fast Python HTTP client with advanced TLS fingerprinting and browser emulation. Bypass anti-bot systems with Rust-powered performance.

Josselin Liebe
Josselin Liebe
Read
Fingerprint

Wreq : Rust HTTP Client for Browser Emulation and TLS Fingerprinting

Discover Wreq, the ultimate Rust HTTP client for browser emulation and TLS fingerprinting. Bypass anti-bot systems with practical web scraping examples.

Josselin Liebe
Josselin Liebe
Read
Fingerprint

What is TLS fingerprinting ?

A security system called Transport Layer Security (TLS) encrypts all internet traffic to improve online security. For the purpose of securing web-based communication between a client and a server, cryptographic methods are used. TLS handshake refers to the procedure of starting a communication session using TLS.

Josselin Liebe
Josselin Liebe
Read

Ready to get started?

Your web scraping API is one click away. Start with +500 credits, no infrastructure to set up, no proxies to manage, and no credit card required.

Start free (+500 credits)