Argus Fingerprinting
Response Reference
Every field Argus returns on window.AAArgus, what it means, and which signals are unspoofable.
A successful fingerprint resolves to an object on window.AAArgus. Example:
{
"argus_visitor_id": "9f2c…",
"match_score": 0.94,
"id_source": "cookie",
"confidence": 0.88,
"bot_score": 0.0,
"network": {
"ja3": "771,4865-4866-…",
"ja3_hash": "cd08e31494f9531f560d64c695473da9",
"ja4": "t13d1516h2_…",
"aa_dfs": "…",
"akamai": "1:65536,2:0,4:6291456|…",
"http_version": "h2",
"ip": "203.0.113.7",
"user_agent": "Mozilla/5.0 …"
}
}Top-level fields
| Field | Type | Meaning |
|---|---|---|
argus_visitor_id | string | Stable device identity. Use this to recognize the device across visits. |
match_score | number (0–1) | Similarity between this visit and the matched device record. 0 when a new device record was created this visit (no prior record to match against). |
id_source | string | How the device was matched: cookie, storage, fingerprint, or new. |
confidence | number (0–1) | How identifying the collected signal set is. Higher = more distinctive. |
bot_score | number (0–1) | Automation likelihood. Higher = more bot-like (e.g. UA/TLS mismatch, missing canvas, headless tells). |
network | object | Server-derived network signals (see below). |
id_source values
cookie— matched via theaa_fpcookie hint from a previous visit (cheapest path).storage— matched via the localStorage hint (X-AA-FP-Storageheader) when the cookie was unavailable.fingerprint— no hint matched; matched by signal similarity against existing records.new— no match; a new device record was created this visit.
network object
| Field | Source | Meaning |
|---|---|---|
ja3 | server | JA3 TLS fingerprint string. |
ja3_hash | server | MD5 of the JA3 string. |
ja4 | server | JA4 TLS fingerprint. |
aa_dfs | server | PeetPrint-style TLS hash. |
akamai | server | Akamai HTTP/2 fingerprint (h2 only). |
http_version | server | h2 or http/1.1. |
ip | server | Client IP as seen by the service. |
user_agent | server | User-Agent header as received. |
Server-derived signals are unspoofable
Every field in network is computed by the Argus service from the raw TLS/HTTP layers, not from JavaScript. A browser cannot fake them, which is why a UA that disagrees with the TLS fingerprint raises bot_score.
The aa_fp cookie
On each response Argus sets a cookie so the next visit can take the cheap cookie path:
aa_fp=<argus_visitor_id>; Path=/; Max-Age=31536000; SameSite=None; Secure; PartitionedIt is a CHIPS partitioned cookie (Partitioned), so it is keyed to your site and not shared across top-level sites. Secure means it only flows over HTTPS.