It is not possible to detect and block Chrome headless is our second installment of techniques to bypass the user-hostile practice of blocking users based on characteristics of their web browsers (see also: Making Chrome Headless Undetectable). The test suite is implemented in chrome-headless-test.html and chrome-headless-test.js. You can visit the live test page at https://intoli.com/blog/not-possible-to-block-chrome-headless/chrome-headless-test.html to see how your current browser would fair. The results should look something like this, where red indicates a headless Chrome indicator.
The test results used in the article are generated using two scripts: test-headless-initial.js and test-headless-final.js. These both use Puppeteer as a browser automation framework to visit the test page and take a screenshot of the results. The Puppeteer dependency is included in the package.json file and you can install the dependencies by running
yarn installin this directory. You can then run the test-headless-initial.js script, which doesn't include any bypasses, with the following command.
node test-headless-initial.jsThis will create the headless-initial-results.png that you can see above.
To run the tests with the bypasses, you simply need to change the name of the script to test-headless-final.js.
node test-headless-final.jsThis will create a second headless-final-results.png image which looks like this.
As you can see, all of the tests have been bypassed! You can peruse the test-headless-final.js source code to see how the bypasses are implemented, or visit the original article for a more in-depth explanation of how they work.