JA3 and JA4 fingerprints have been showing up more and more often in discussions about bot mitigation and client identification. Amazon CloudFront exposes TLS-based JA4 as a CloudFront-generated header, but it does not provide the HTTP-request-based JA4H fingerprint.
That made me wonder: “Why not implement it ourselves with CloudFront Functions?” So I did. There are a few gotchas and design considerations you need to be aware of, and I’ll cover those as well.
In this article, I’ll first demonstrate the limitation through hands-on testing, then work around it with the CloudFront-Viewer-Header-Order header and show how to calculate a JA4H-equivalent fingerprint entirely within CloudFront Functions.
What Is JA4?
JA4+ is a suite of network fingerprints published by FoxIO and positioned as a successor to JA3. The best-known member is JA4, which is calculated from the TLS ClientHello. It generates a short string that is nearly unique to a particular client implementatio
Discussion
Start the conversation
Your voice can be the first to spark an engaging conversation.