Camoufox vs. Rebrowser vs. Stock Playwright: A Fingerprint Benchmark

If you're choosing a browser for production scraping in 2026, you have more options than you did two years ago, and the differences matter more than most benchmarks show. "Which browser passes fingerprint detection?" is the wrong question. The right question is: which browser passes fingerprint detection against your specific targets, at your required scale, with your acceptable maintenance burden?

This post runs each major option through a structured evaluation. Real detection tests, not marketing copy.

The Candidates

Stock Playwright (headless Chromium):

The baseline. Managed by Microsoft, excellent API, massive community. Default headless configuration has well-documented fingerprint tells. Used by most scrapers who haven't thought hard about detection.

rebrowser-playwright:

A Playwright fork that patches Chromium's headless tells at the CDP level. Maintained by the rebrowser team. Drop-in replacement API. Focuses specifically on removing the --headless detection vectors without changing the browser's feature surface.

Camoufox:

A Firefox-based anti-detect browser built for automation. Randomizes browser fingerprints (canvas, WebGL, fonts, screen resolution, timezone) per session, making each session present a distinct identity. More invasive modifications than rebrowser-patches, requires a different API.

Playwright with stealth plugins:

Stock Playwright plus playwright-extra with the puppeteer-extra-plugin-stealth port. Community-maintained JS injection approach. More fragile than purpose-built solutions but requires no custom browser binary.

What Fingerprint Detection Actually Checks

Before the benchmark, it's worth being precise about what bot detection systems look at:

Automation flags (easy to detect, well-known):

• navigator.webdriver === true

• Presence of __playwright* or __selenium* window properties

• Missing browser plugins array (headless Chrome has 0)

• chrome.runtime undefined in headless

• Inconsistent navigator.languages

Deeper browser fingerprints (harder, requires purpose-built tooling):

• Canvas fingerprint: headless Chromium and headed Chromium produce different canvas outputs

• WebGL renderer/vendor strings: SWIFTSHADER in headless, real GPU strings in headed

• AudioContext fingerprint: timing differences between headless and headed

• Font enumeration: headless environments have a different font set

• Screen resolution vs. viewport ratio anomalies

• CPU core count consistency with other signals

Behavioral signals (browser-independent, handled by proxy + behavioral modeling):

• Mouse movement patterns

• Keystroke timing

• Navigation arc (page visit sequence)

• Session depth and dwell time

The browser choice affects the first two categories. Behavioral signals require separate work regardless of browser.

The Benchmark Setup

Tests run against four detection endpoints:

1. BrowserLeaks (browserleaks.com): open fingerprinting toolkit, not adversarial

2. CreepJS (abrahamjuliot.github.io/creepjs): comprehensive fingerprint consistency scoring

3. Cloudflare Bot Management: production anti-bot on a test property

4. Custom Kasada detection test: run against a Kasada-protected sandbox

Proxy: Evomi residential (same IP range across all tests to isolate browser variable).

Stock Playwright: The Baseline

// Default setup — what most scrapers run
const { chromium } = require('playwright');
const browser = await chromium.launch({ headless: true });
const page = await browser.newPage();
await page.goto('https://browserleaks.com/javascript');

Results:

Stock headless Playwright fails every meaningful detection test. This is the configuration running in most hobbyist and small-scale scrapers. Against any serious anti-bot system, it doesn't work.

rebrowser-playwright: Patching the Obvious Tells

// rebrowser-playwright — drop-in Playwright replacement
const { chromium } = require('rebrowser-playwright');
const browser = await chromium.launch({
    headless: true,
    args: ['--disable-blink-features=AutomationControlled'],
});
const page = await browser.newPage();

rebrowser-patches removes the most obvious automation indicators at the CDP level:

• navigator.webdriver → undefined

• Chrome automation extensions → removed

• Plugin array → populated with realistic values

• Runtime detection vectors → patched

Results:

Significant improvement over stock. Passes most basic fingerprint checks. Fails on deeper canvas/WebGL signals that require actual GPU rendering.

Best for: Targets using basic bot detection (Cloudflare Free/Pro, basic DataDome configurations). Not sufficient for Kasada or Shape.

Camoufox: The Firefox Approach

# Camoufox Python API
from camoufox.sync_api import Camoufox

with Camoufox(headless=True, humanize=True) as browser:
    page = browser.new_page()
    # Each session gets randomized fingerprints
    page.goto('https://browserleaks.com/canvas')

Camoufox's core differentiator: it patches Firefox at the C++ level to randomize fingerprints per session. Canvas, WebGL, AudioContext, font enumeration, screen metrics: each browser session presents a unique, internally consistent fingerprint. It also ships with humanize=True for behavioral simulation.

Results:

The best fingerprint score of the three options. The Firefox engine also has a different base fingerprint from Chrome-based tools, which provides some additional diversity value, most bot detection training data skews toward Chromium headless detection.

Trade-offs:

• Firefox DevTools Protocol vs. CDP: some Playwright-specific APIs differ slightly

• Smaller community than Playwright ecosystem

• humanize=True adds latency (behavioral delays are intentional)

• Chrome-specific sites occasionally have Firefox compatibility edge cases

Best for: High-value targets with serious fingerprint detection. Kasada and Shape protected properties benefit most.

Playwright with Stealth: The Middle Ground

const { chromium } = require('playwright-extra');
const stealth = require('puppeteer-extra-plugin-stealth');
chromium.use(stealth());

const browser = await chromium.launch({ headless: true });

The stealth plugin applies JS-level patches for common detection vectors. It's maintained by the community, reasonably up to date, and requires no custom browser binary.

Results:

Performance is between stock Playwright and rebrowser. More fragile than either dedicated solution: JS-level patches can be detected by checking for the patching patterns themselves.

The Decision Matrix

Proxy Still Matters

The browser is one variable. The IP is another, and for Kasada and Shape, it's the dominant variable. A Camoufox session from a burned proxy IP will fail. A rebrowser-playwright session from a clean residential IP will pass more checks than a Camoufox session from a datacenter IP.

Evomi's residential proxies provide the clean IP layer that makes the browser-level fingerprint improvements meaningful. Both variables need to be right. The best browser and a bad proxy is still a bad combination.

The Recommendation

• Default choice for serious scraping: Camoufox. The fingerprint quality is genuinely better, the maintenance burden is low, and it works where stock Playwright doesn't.

• If you're already on Playwright and can't change the stack: rebrowser-playwright. Drop-in replacement, meaningful improvement, no migration cost.

• Stock Playwright: Only for completely unprotected targets or internal tools.

Start with Camoufox + Evomi residential proxies. That combination passes the detection tests that matter in 2026.