Can JA4 fingerprints be changed?

No, JA4 fingerprints are currently fixed per profile.

What is JA4?

JA4 is a modern TLS fingerprinting method that analyzes and summarizes key characteristics of a browser's TLS handshake including protocol versions, cipher suites, extensions, and their ordering into a stable, reproducible hash. It is the successor to the older JA3 fingerprinting standard and is considered significantly more robust and harder to spoof convincingly.

TLS fingerprinting is used by websites, bot detection services, and security platforms to identify the type of client making a request, independent of cookies, IP addresses, or other traditional tracking methods. Because the TLS handshake happens at a low network level before any application-layer interaction, it is very difficult to manipulate without introducing inconsistencies that detection systems can flag.

How Kameleo handles JA4

In Kameleo, JA4 TLS fingerprints are generated at the time of profile creation and remain fixed for the lifetime of that profile. This means the TLS handshake stays internally consistent across all sessions, the resulting JA4 hash does not change between launches, and the fingerprint behaves like a real, stable browser environment rather than a dynamically shifting one.

This is a deliberate design choice. Randomly altering low-level TLS parameters between sessions would likely do more harm than good  detection systems are increasingly aware that legitimate browsers produce highly consistent TLS fingerprints, and a profile whose JA4 hash changes frequently would stand out as anomalous rather than blending in.

Example: A bot detection system logs the JA4 hash on every visit. If your profile's hash changed between sessions, it would appear as though a completely different browser client was accessing the same account, which in turn would indicate a strong signal of automation or manipulation. A fixed, consistent JA4 hash looks far more like a genuine user.

What this means for you

If you require a different JA4 fingerprint, the recommended approach is to create a new profile. Each profile is generated with its own stable fingerprint, giving you a distinct TLS identity per profile without compromising consistency within any individual profile.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.