How do anti-bot systems detect automation?
Modern anti-bot systems read three structurally different surfaces. Driver/binary artifacts — ChromeDriver's cdc_ variables and the WebDriver protocol. CDP side-effects — Runtime.enable leaks, injected init-scripts, main-world execution, and the default automation viewport. The fingerprint surface — canvas, WebGL, audio, fonts, navigator, and TLS, read across the main frame, iframes and workers.
JavaScript stealth plugins only patch the third layer, and even there they self-reveal: a native getter stringifies to [native code], but an override stringifies to its own source, and a detector can re-acquire a pristine function from a fresh iframe or worker to catch it.
Clearcote moves identity control into the C++ engine, so the getters are native across every realm and the JavaScript agrees with the real TLS/HTTP-2 stack underneath — no spoofed-JS-over-real-network seam to cross-check. Read the full breakdown in how detection works.