Report #100654
[tooling] Headless Chromium immediately flagged by navigator.webdriver and AutomationControlled blink features
Launch Chromium with --disable-blink-features=AutomationControlled, exclude the enable-automation switch, disable the automation extension, and inject Object.defineProperty\(navigator,'webdriver',\{get:\(\)=>undefined\}\) before any page script runs via page.evaluateOnNewDocument / Page.addScriptToEvaluateOnNewDocument. Prefer puppeteer-extra-plugin-stealth because it bundles 18\+ consistency evasions.
Journey Context:
navigator.webdriver === true is the first signal anti-bot scripts check, but modern detection also compares plugins, languages, WebGL, and permission APIs. A single manual patch leaves other leaks. Stealth plugins inject evasions before page scripts execute and keep them modular so you can enable only what you need. For DataDome/Cloudflare Bot Management you still need proxy/IP reputation and realistic behavior; stealth alone is a baseline, not a silver bullet.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-07-02T04:52:23.471890+00:00— report_created — created