Argus — Multi-Layer Fingerprinting

Every layer watched. Every visitor seen.

Multi-layer fingerprinting from the TCP handshake to the canvas pixel — catch automation, anti-detect browsers, and rotating proxies, even when nothing else can.

Get an API key Read the docs See it in action

Built on JA3 / JA4 / Akamai H2 open standards3 ms p99 at the edgeOn Developer & Pro plans

7

independent layers

TCP → canvas

<3 ms

edge verdict

p99 latency

99.97%

anti-detect catch rate

across 4 vendors

1 line

of integration code

drop-in SDK

What Argus actually does

Five capabilities. One visitor id.

Each card is a layer of the same fingerprint. Combine them and a spoofer needs to fool all five at once — across every request, on every page.

TLS / JA4

live ja4 parsetls 1.3 · 1 packet

t13_d_1516_h2_8daaf6152771_b186095e22b6

verTLS 1.3

sniwith SNI

ciphers15 ciphers, 16 ext

alpnHTTP/2

cipher#cipher hash

ext#extension hash

Read the handshake before the body arrives

JA3, JA4, JA4_r and the in-house API Armor TLS signature. Spoofers can rewrite the user-agent, but cipher and extension ordering give them away on packet one.

Browser SDK

Canvas18.4 bits

Audio14.2 bits

WebGL12.8 bits

Fonts9.6 bits

Hardware-level entropy

Physical signals that are hard to spoof.

Anti-Detect

JA4

Akam

HTTP

Canv

WebG

Audi

Work

Seven eyes — one never blinks

Patched main thread? Argus also reads from the Worker.

Fuzzy Cluster

76.157.238.79

142.84.109.107

91.132.171.98

visitorv_8da4f6matched

Same client across rotated IPs

Fuzzy matching across all seven layers — recognise returning clients.

Real-time

<3ms p99

Verdict in milliseconds

One header injected on every request. No extra round trip.

Threats hiding in plain sight

What your stack sees vs. what's really there

Three real attacker scenarios that pass through most stacks as “normal traffic.” The top of each card is the log line your server writes — the bottom is what Argus actually catches.

RESIDENTIAL · PROXY-ROTATION

Rotating residential proxies

99%

argus confidence

INTERCEPTED

Same actor as 4,200 prior sessions. Identical TLS JA4, identical canvas hash, identical audio fingerprint across every rotated IP.

caught viaJA4CanvasAudio

ANTI-DETECT · BROWSER-SPOOF

Anti-detect browser

100%

argus confidence

INTERCEPTED

Main thread reports Chrome 142 / macOS. Worker scope still says HeadlessChrome. The patch covered window.navigator but missed self.navigator.

caught viaWorkerGPUJA4

HEADLESS · PATCH-AND-CLOAK

Patched headless Chromium

98%

argus confidence

INTERCEPTED

TLS extension order doesn't match real macOS Chrome. Audio context fingerprint is constant across 14 'different' users — the runtime patched canvas but forgot AudioContext.

caught viaJA4AudioCanvas

Live signal stream

Bytes in, fingerprints out, verdict in milliseconds.

argus/pipeline.live

live

01Inbound bytes

16 03 01 02 00 01 00 01 fc 03 03 9e 88 d2 e1 f7 4a 09 1c 67 b2 c4 8e 5d 7a 31

02Computed fingerprints

JA4t13d1516h2_8daaf6152771_b186095e22b6

Akamai H21:65536;2:0;4:6291456;6:262144|15663105|0|m,a,s,p

Canvas SHAa4f7c3e2b9d18f4c7a2e6b1d8f3c9a5e891c4b7a

03Verdict

matched: returning client

illustrative — argus does not stream raw bytes to the client

v1.0 · <3ms p99

Cookies cleared. IP rotated. Same client.

Argus stores fingerprints with fuzzy matching across the full seven-layer signature, so you recognise returning clients across whatever they reset.

One eye loses them; the other six don't.

clustering · 120 signatures

76.157.238.79

142.84.109.107

91.132.171.98

24.224.106.42

How we compare

Deep beats wide.

Most stacks watch one place. Argus watches every place at once.

Capability	Browser-only fingerprinting	Network-only bot management	Argus all layers
TLS / handshake fingerprint JA3, JA4, JA4_r
HTTP/2 + HTTP/3 fingerprint Akamai signatures
Browser canvas / WebGL / audio Hardware entropy
Headless / anti-detect browser detection Worker-scope checks
Cross-session fuzzy matching Across IPs and cookies
One API for all layers Single visitor id

Drop-in integration

Integrate in 60 seconds.

One line in your <head> — Argus starts fingerprinting on the next request.

index.html — argus sdk

<script

src="https://fpcdn.api-armor.com/js/dfs.min.js"

site-id="aa-argus-YOUR-SITE-ID"

async

></script>

➜~

Engineering FAQ

Common questions.

The five things every engineering team asks before they ship.

Start fingerprinting in production today.

No credit card. Drop the SDK in five minutes; see your first verdict in fifty.

Get an API key Talk to an engineer

Included in

Developer$9/mo Pro$49/mo

Built on the open JA3, JA4, and Akamai H2 fingerprint standards.