A reference on DataDome's client-side JavaScript tag: the ddjskey site identifier, the signals the browser collector gathers and posts to api-js.datadome.co, and how the challenge and interstitial flow is wired.
A primary-source walk through the Cloudflare interstitial: the window._cf_chl_opt object, the /cdn-cgi/challenge-platform/h/ orchestration endpoints, the obfuscated client script, and how a cf_clearance pass is returned.
Traces how Kasada's client SDK works: the x-kpsdk-ct and x-kpsdk-cd tokens, the obfuscated JavaScript VM that runs Kasada-specific bytecode, the proof-of-work it computes, and how the payload rotates per tenant.
![A V8-style error stack trace with an orange underline and the caption 'Function.prototype.toString() // [native code]'](/javascript-runtime-fingerprinting-cover.webp)
A reference on the JS-runtime fingerprinting surface: error stack formats, Function.prototype.toString, feature and timing probes, property enumeration order, and the engine quirks that betray a patched or automated browser.
How to read obfuscated anti-bot JavaScript without running it blind: beautify, scope and string-array recovery, Babel AST transforms, runtime hooking, and where the workflow hits a wall against bytecode VMs.
Traces how VM-based JavaScript obfuscation works: a custom opcode set and dispatcher loop replace readable code with bytecode, why this is the strongest JS obfuscation, and how devirtualization recovers the logic.
A reference on the JavaScript primitives obfuscators lean on most: dynamic eval and Function construction, the with statement for scope confusion, and string-array rotation, plus how AST deobfuscators take them apart.
A reference on the two staple transforms in obfuscated anti-bot JavaScript: the dispatcher-driven flattened state machine and the rotated, encrypted string array, and how deobfuscators undo both.
How to observe obfuscated JavaScript at runtime with CDP: setting breakpoints by URL and on exceptions, reading call frames, evaluating in a paused context, and tracing property access with Proxy wrappers.
Traces the anti-analysis layer inside anti-bot JavaScript: the debugger statement, timing checks, devtools-open detection, toString integrity checks, and self-defense against hooking, plus the moves analysts use to counter each one.