Glossary Anti-bot & fingerprinting

What is JA3 Fingerprint?

A JA3 fingerprint is a 32-character MD5 hash computed from five fields of a TLS ClientHello: version, cipher suites, extensions, elliptic curves, and curve point formats. It condenses a client's TLS negotiation behavior into a single comparable value that identifies the software stack making a connection.

JA3 Fingerprint

How a JA3 fingerprint is computed

JA3 reads the ClientHello at the start of a TLS connection and extracts five fields: the TLS version, the list of cipher suites, the list of extensions, the supported elliptic curves, and the elliptic curve point formats. Each field's values are written as decimal numbers joined by dashes, the five fields are joined with commas, and the resulting string is hashed with MD5 into a fixed 32-character value. Any client built on the same TLS library, version, and configuration produces the same hash on every connection.

A companion, JA3S, applies the same idea to the server's ServerHello, hashing the negotiated version, chosen cipher, and extensions. The JA3/JA3S pair characterizes both ends of a session, and the method has been widely deployed in intrusion detection, CDN, and anti-bot tooling since it was published in 2017.

JA3 Fingerprint

Why it matters for scraping and proxies

Because the default hashes of popular HTTP libraries are publicly catalogued, a scraper running library defaults effectively announces its tooling on every connection. Defenders maintain lists of JA3 values associated with automation and either block them outright or weight them heavily in risk scoring, and they cross-check the hash against the claimed User-Agent: a Chrome header arriving with a script-library JA3 is an immediate contradiction.

IP rotation does not affect any of this. The hash is generated by the client's TLS stack and travels with every connection through any proxy, so a flagged JA3 stays flagged from every exit IP until the client software itself changes.

JA3 Fingerprint

Practical notes and misconceptions

JA3 identifies software, not individuals — every user of a given browser release shares one hash, which is precisely why an uncommon hash stands out. The method is also aging: Chrome began randomizing ClientHello extension order in 2023, which scrambles JA3 values between connections from the same browser and led to JA4, a successor that sorts extensions before hashing and encodes additional context. Many detection stacks now compute both.

For scraping clients, the fix lives at the handshake layer: use a real browser, or a TLS-impersonation client whose hash matches the browser your headers claim to be.

FAQ

JA3 Fingerprint, answered

Is a JA3 hash unique to an individual user?
No. JA3 identifies the TLS stack, not the person. Every client running the same library version with the same settings produces the same hash, so millions of Chrome users can share one value. It becomes discriminating when it contradicts other signals or matches known automation tooling.
What replaced JA3 after browsers randomized TLS extensions?
JA4 is the most widely adopted successor. Chrome began randomizing ClientHello extension order in 2023, which made JA3 hashes unstable across connections from the same browser. JA4 sorts extensions before hashing and adds transport and ALPN context, restoring a stable value that survives randomization.

Theory covered. Now route something. Start free.

Residential, ISP, mobile and IPv6 networks under one account — test the concepts on real infrastructure.

ProxyOmega ProxyOmega

90M+ ethically-sourced IPs across 200+ countries and 30,000+ cities. Residential, mobile, ISP and IPv6 proxies for scraping and AI agents.

GDPRCCPA
Product
Premium Unlimited Budget Unlimited Residential / ISP Mobile IPv6 Chrome Extension
Solutions
Web scraping AI agents Price monitoring SERP & SEO Integrations All use cases
Resources
Glossary Error codes Free tools Proxies by platform Locations
Company
About Blog Docs Reseller program Affiliate Contact Sign in
© 2026 ProxyOmega Ltd. All rights reserved.