Browser Profiles

Rezo ships with 18 browser profiles spanning six browser families. Each profile is a complete fingerprint snapshot taken from a real browser, including TLS parameters, HTTP/2 settings, header ordering, user agents for every platform, client hints, and navigator properties.

Available Profiles

Chrome (5 profiles)

Firefox (4 profiles)

Safari (5 profiles)

Edge (2 profiles)

Opera (1 profile)

Brave (1 profile)

Profile Structure

Every profile implements the BrowserProfile interface:

interface BrowserProfile {
  // Identity
  id: string;                                    // e.g. 'chrome-131'
  family: 'chrome' | 'firefox' | 'safari' | 'edge' | 'opera' | 'brave';
  engine: 'blink' | 'gecko' | 'webkit';
  version: string;                               // Full version string
  majorVersion: number;                          // e.g. 131
  device: 'desktop' | 'mobile';

  // TLS fingerprint (controls JA3/JA4)
  tls: TlsFingerprint;

  // HTTP/2 SETTINGS frame values
  h2Settings: Http2Settings;

  // Header ordering
  pseudoHeaderOrder: string;   // e.g. 'masp' for Chrome (:method :authority :scheme :path)
  headerOrder: string[];       // Regular headers in exact browser send order

  // User-Agent strings per platform
  userAgents: {
    windows: string;
    macos: string;
    linux: string;
    android?: string;           // Mobile profiles only
    ios?: string;               // iOS profiles only
  };

  // Default header values
  accept: string;
  acceptEncoding: string;
  acceptLanguage: string;

  // Client hints (Chromium-based browsers only)
  clientHints: ClientHints;

  // Navigator properties for JS environment emulation
  navigator: NavigatorProperties;
}

TlsFingerprint

Controls the TLS ClientHello that anti-bot systems analyze:

interface TlsFingerprint {
  ciphers: string;         // OpenSSL cipher names, colon-separated, in exact browser order
  sigalgs: string;         // Signature algorithms, colon-separated
  ecdhCurve: string;       // ECDH curves / supported groups
  minVersion: 'TLSv1.2' | 'TLSv1.3';
  maxVersion: 'TLSv1.2' | 'TLSv1.3';
  alpnProtocols: string[]; // ALPN protocol list in browser order
  sessionTimeout: number;  // TLS session timeout in seconds
}

Http2Settings

Values sent in the HTTP/2 SETTINGS frame:

interface Http2Settings {
  headerTableSize: number;      // SETTINGS_HEADER_TABLE_SIZE (0x01)
  enablePush: boolean;          // SETTINGS_ENABLE_PUSH (0x02)
  maxConcurrentStreams: number;  // SETTINGS_MAX_CONCURRENT_STREAMS (0x03)
  initialWindowSize: number;    // SETTINGS_INITIAL_WINDOW_SIZE (0x04)
  maxFrameSize: number;         // SETTINGS_MAX_FRAME_SIZE (0x05)
  maxHeaderListSize: number;    // SETTINGS_MAX_HEADER_LIST_SIZE (0x06)
  connectionWindowSize: number; // WINDOW_UPDATE sent after SETTINGS
}

ClientHints

Chromium-specific client hint headers (null for Firefox and Safari):

interface ClientHints {
  secChUa: string | null;                  // sec-ch-ua brand list
  secChUaMobile: string | null;            // '?0' or '?1'
  secChUaPlatform: string | null;          // e.g. '"Windows"'
  secChUaFullVersionList?: string;
  secChUaArch?: string;
  secChUaBitness?: string;
  secChUaModel?: string;                   // Mobile only
  secChUaPlatformVersion?: string;
}

NavigatorProperties

Emulated window.navigator values:

interface NavigatorProperties {
  platform: string;            // e.g. 'Win32', 'MacIntel', 'Linux x86_64'
  hardwareConcurrency: number; // Logical CPU count
  deviceMemory: number;        // Device memory in GB
  maxTouchPoints: number;      // 0 for desktop, 5+ for mobile
}

Pseudo-Header Ordering

Browsers send HTTP/2 pseudo-headers in different orders. This is encoded as a shorthand string where m = :method, a = :authority, s = :scheme, p = :path:

Registry Functions

The profile registry provides programmatic access to all profiles:

import {
  listProfiles,
  getProfile,
  getProfilesByFamily,
  getProfilesByDevice,
  getRandomProfile,
  getRandomProfileByFamily
} from 'rezo/stealth';

listProfiles()

Returns all available profile IDs:

const ids = listProfiles();
// ['chrome-120', 'chrome-124', 'chrome-128', 'chrome-131',
//  'chrome-131-android', 'firefox-115', 'firefox-121', ...]

getProfile(id)

Look up a single profile by its ID:

const profile = getProfile('firefox-133');
if (profile) {
  console.log(profile.engine);      // 'gecko'
  console.log(profile.tls.ciphers); // NSS cipher suite order
}

getProfilesByFamily(family)

Get all profiles for a browser family:

const chromeProfiles = getProfilesByFamily('chrome');
// Returns 5 profiles: chrome-120, chrome-124, chrome-128, chrome-131, chrome-131-android

getProfilesByDevice(device)

Filter profiles by device type:

const mobileProfiles = getProfilesByDevice('mobile');
// Returns: chrome-131-android, safari-17-ios, safari-18-ios

getRandomProfile()

Pick a random profile from the entire registry:

const profile = getRandomProfile();
console.log(profile.id); // Could be any of the 18 profiles

getRandomProfileByFamily(family)

Pick a random profile from a specific family:

const profile = getRandomProfileByFamily('safari');
console.log(profile.id); // One of: safari-16.6, safari-17.4, safari-18.2, safari-17-ios, safari-18-ios

Engine Differences

Blink (Chrome, Edge, Opera, Brave)

• Uses BoringSSL cipher suites
• Sends sec-ch-ua client hints
• HTTP/2 pseudo-header order: :method :authority :scheme :path
• sec-fetch-* metadata headers on every navigation request

Gecko (Firefox)

• Uses NSS cipher suites (different order from BoringSSL)
• No sec-ch-ua client hints
• HTTP/2 pseudo-header order: :method :path :authority :scheme
• sec-fetch-* headers present but with different default values

WebKit (Safari)

• Uses Apple’s TLS library with its own cipher suite order
• No sec-ch-ua client hints
• HTTP/2 pseudo-header order: :method :scheme :path :authority
• Minimal sec-fetch-* header support