Product
Full-stack fingerprint control
404 intercepts your traffic at every layer (TLS handshake, HTTP headers, JavaScript APIs, and TCP/IP packets) and replaces your fingerprint with a profile-driven identity that passes commercial detection.
Architecture
Two modules, one identity
Most privacy tools protect one layer and leave everything else exposed. 404 covers the full stack with two coordinated modules that share a single profile.
STATIC Proxy
Synthetic Traffic and TLS Identity Camouflage
A ground-up Rust proxy that sits between your browser and the internet. It terminates TLS, rewrites the handshake, reorders HTTP headers, and injects JavaScript spoofing, all driven by a single JSON profile.
- TLS layer: Cipher order, extensions, key shares, JA3/JA4 fingerprint
- HTTP layer: Header ordering, User-Agent, client hints, Accept negotiation
- JavaScript layer: Canvas, WebGL, audio context, font enumeration, WebRTC
- Behavioral layer: Timing patterns, interaction noise, automation evasion
eBPF Module
Linux kernel packet-level fingerprint control
An eBPF program that hooks into Linux's traffic control egress path. It modifies outgoing packets before they leave your machine, targeting the values tools like p0f and nmap use to fingerprint your machine.
- IPv4: TTL, TOS, IP ID, TCP window, sequence numbers, MSS, timestamps
- IPv6: Hop limit, flow label, TCP parameters
- Safety: eBPF verifier ensures kernel stability (no crashes, no arbitrary memory access)
Approach
Profiles, not randomization
Most fingerprint tools randomize values on every request. That's detectable. 404 applies a complete, internally consistent browser profile and holds it across sessions.
Coherent across layers
Your TLS handshake says Chrome on Windows. Your HTTP headers agree. Your JavaScript APIs confirm it. Your TCP/IP packets match Windows network stack defaults. No mismatches, no red flags.
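Why a mismatch between layers stands out, shown from the detector's side as an added example (not code from 404 or its authors): the check compares the OS and browser claimed in the User-Agent with the initial TTL inferred from the packet and with the family of the TLS fingerprint. The TTL table is a simplified assumption, and the fingerprint labels, field names, and sample connections are constructed.

```python
# Added example: detector-side cross-layer consistency check.
# Tables are simplified assumptions, not data from 404 or any vendor.
INITIAL_TTL = {"windows": 128, "linux": 64, "macos": 64}

# Constructed placeholder fingerprint labels mapped to a browser family.
TLS_FAMILY = {"fp-placeholder-chrome": "chrome", "fp-placeholder-firefox": "firefox"}

def claimed_os(user_agent):
    """Coarse OS family claimed by the User-Agent header."""
    for marker, name in (("Windows NT", "windows"), ("Mac OS X", "macos"), ("Linux", "linux")):
        if marker in user_agent:
            return name
    return None

def claimed_browser(user_agent):
    """Coarse browser family claimed by the User-Agent header."""
    if "Firefox/" in user_agent:
        return "firefox"
    if "Chrome/" in user_agent:
        return "chrome"
    return None

def initial_ttl(observed):
    """Round an observed TTL up to the nearest common initial value."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return None

def mismatches(conn):
    """Return the layers that disagree with the User-Agent's claims."""
    found = []
    expected = INITIAL_TTL.get(claimed_os(conn["user_agent"]))
    if expected is not None and initial_ttl(conn["ttl"]) != expected:
        found.append("ttl")
    tls = TLS_FAMILY.get(conn["tls_fp"])
    browser = claimed_browser(conn["user_agent"])
    if tls and browser and tls != browser:
        found.append("tls")
    return found

# Constructed sample connections (hypothetical field names).
UA = ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36")
SAMPLES = [
    {"user_agent": UA, "ttl": 117, "tls_fp": "fp-placeholder-chrome"},   # coherent
    {"user_agent": UA, "ttl": 52, "tls_fp": "fp-placeholder-chrome"},    # Linux-like TTL
    {"user_agent": UA, "ttl": 120, "tls_fp": "fp-placeholder-firefox"},  # TLS disagrees
]
```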
Deterministic, not random
Each profile produces the same fingerprint every time. Canvas hashes, WebGL parameters, and timing patterns are all seeded from the profile and consistent across sessions, just like a real browser.
Built from real browser behavior
Profiles aren't theoretical constructs. They're derived from actual browser telemetry: real cipher orders, real header sequences, real JavaScript API responses. The goal is to look like one of millions, not like something unusual.
How 404 compares
| | VPN | Tor | Anti-detect browsers | 404 |
|---|---|---|---|---|
| IP address masking | ✓ | ✓ | ~ | ✕ |
| TLS fingerprint control | ✕ | ~ | ~ | ✓ |
| HTTP header control | ✕ | ~ | ✓ | ✓ |
| JavaScript API spoofing | ✕ | ~ | ✓ | ✓ |
| TCP/IP packet fingerprint | ✕ | ✕ | ✕ | ✓ |
| Cross-layer consistency | ✕ | ✕ | ~ | ✓ |
| Open source | ~ | ✓ | ✕ | ✓ |
| Built for people | ✓ | ✓ | ✕ | ✓ |
404 complements VPNs; it doesn't replace them. Use a VPN to hide your IP. Use 404 to hide your identity.
Data flow
What happens to your traffic
Every request passes through a deterministic pipeline. Each stage reads from the active profile and applies mutations in a fixed order.
Browser connects
Your browser sends an HTTP CONNECT request to 404's local proxy at 127.0.0.1:8080.
TLS termination
404 generates an on-demand certificate for the target domain, signed by its local CA. Your browser sees a trusted connection.
Pipeline processes request
Five stages run in order: header profiling, Alt-Svc normalization, CSP nonce generation, JavaScript injection, and behavioral noise tagging.
Upstream with new identity
404 dials the origin server with a new TLS handshake built from the profile: cipher order, extensions, key shares, and ALPN all match the target browser.
Response flows back
The response passes through the pipeline in reverse. CSP headers are rewritten, spoofing scripts are injected, and the page reaches your browser with a clean identity.
Current status
Where we are
404 is in active development. Here's where things actually stand.
Working now
- STATIC proxy with full HTTP/1.1 and HTTP/2 support
- TLS fingerprint control (JA3/JA4)
- Header profiling and reordering
- Canvas, WebGL, audio, and font spoofing
- CSP-aware JavaScript injection
- eBPF packet-level fingerprint mutation
- Passes FingerprintJS, BrowserLeaks, CreepJS, Cover Your Tracks
- Tauri desktop app (beta)
In progress
- eBPF and STATIC profile data sharing
- BoringSSL integration for RSA/GREASE support
- Connection pooling and keepalive
- Streaming body support for large payloads
- HTTP/3 via QUIC
Planned
- Automatic profile updates
- Dashboard and telemetry (Power tier)
- Certificate rotation automation
- Performance benchmarking suite
- Integration test harness with headless browser
Ready to try it?
404 is open source and free to build yourself. The docs cover installation. If you need something specific, reach out.