Web scraping has become a battlefield. Modern websites deploy sophisticated bot detection systems that analyze everything from your TLS fingerprints to mouse movement patterns. Traditional headless browsers like Puppeteer and Selenium were designed for testing, not scraping—and it shows. They leave behind obvious traces that anti-bot systems catch instantly. Enter Hero, the game-changing solution that flips the script on detection systems.
This powerful headless browser was engineered from the ground up for one purpose: extracting web data without getting blocked. With built-in TLS fingerprinting protection, complete browser emulation, and a revolutionary NodeJS DOM implementation, Hero eliminates the headaches that have plagued developers for years. In this deep dive, you'll discover how Hero transforms web scraping, explore real code examples, learn advanced stealth techniques, and understand why it's becoming the go-to tool for serious data extraction projects.
What is Ulixee Hero?
Hero is a next-generation headless browser developed by Ulixee, specifically architected for web scraping rather than automated testing. While most headless browsers evolved from testing frameworks, Hero was built with a singular mission: to mimic human browsing behavior so accurately that even the most advanced anti-bot systems can't distinguish it from a real user.
The project emerged from the recognition that existing tools were fundamentally flawed for scraping. Puppeteer, Playwright, and Selenium excel at testing web applications but leave numerous detectable fingerprints in their networking stack, browser environment, and interaction patterns. Hero addresses these vulnerabilities through a comprehensive evasion strategy that protects against detection at every layer—from TLS handshakes to DOM property inconsistencies.
What makes Hero truly revolutionary is its W3C-compliant DOM implementation directly in NodeJS. Instead of juggling complex evaluate callbacks and context switching between Node and browser environments, developers can write scraping logic using familiar DOM APIs as if they were operating inside the browser itself. This architectural decision eliminates one of the biggest pain points in modern web scraping: the mental overhead of asynchronous communication between scripts.
Hero leverages the full power of the Chrome engine under the hood, ensuring lightning-fast rendering and compatibility with modern web standards. Its emulator system allows you to disguise your scraper as practically any browser on any operating system, complete with accurate user agents, viewport characteristics, and hardware fingerprints. The integrated TLS fingerprinting protection ensures your networking stack doesn't betray your automated nature—a critical vulnerability that many scrapers overlook until they start getting mysteriously blocked.
Key Features That Make Hero Stand Out
1. Purpose-Built for Scraping
Unlike general-purpose automation tools, every design decision in Hero prioritizes evasion and data extraction. The architecture assumes you're operating in an adversarial environment where websites actively try to block you. This manifests in automatic handling of canvas fingerprint randomization, WebGL spoofing, media device enumeration masking, and countless other detection vectors that testing tools ignore.
2. Native NodeJS DOM Implementation
Hero's most developer-friendly feature is its recreation of the entire DOM specification directly in NodeJS. You can write hero.document.querySelector() or hero.document.title without wrapping everything in evaluate functions. This isn't just syntactic sugar—it's a fundamental rethinking of how scrapers should interact with web pages. The system serializes DOM state efficiently, allowing you to query elements, extract properties, and navigate the DOM tree using standard JavaScript patterns you're already familiar with.
3. Multi-Layer Detection Evasion
Hero protects against detection across the entire technology stack. At the network layer, it implements TLS fingerprint randomization and mimics real browser cipher suites. In the browser environment, it patches hundreds of JavaScript properties that reveal headless mode. For user interactions, it generates human-like mouse movements, realistic typing patterns, and proper scroll behaviors. This defense-in-depth approach ensures that if one layer is compromised, others remain intact.
4. Powerful Browser Emulation System
The emulator framework allows Hero to impersonate any modern browser with surgical precision. Each emulator package contains meticulously collected data about real browser signatures, including CSS feature support, audio context behavior, font rendering quirks, and timing characteristics. You can switch between Chrome on Windows, Safari on macOS, or Firefox on Linux with a single configuration change, making it trivial to rotate identities and avoid pattern detection.
5. Chrome Engine Performance
Underneath all the evasion technology lies the battle-tested Chrome rendering engine. This means Hero handles modern JavaScript frameworks, WebGL applications, and complex single-page applications with the same performance you'd expect from a production browser. No compromises on rendering speed or web compatibility—just pure scraping power.
6. Plugin Architecture
The Unblocked plugin system allows community contributions for new evasion techniques. The repository includes plugins for masking browser, network, user interaction, and operating system markers. This open ecosystem ensures Hero stays ahead of detection methods as they evolve, with contributions from developers facing real-world blocking scenarios.
7. DoubleAgent Detection Testing
Hero includes a sophisticated testing framework called DoubleAgent that analyzes your scraping setup against real detection engines. It runs comprehensive tests across TCP, TLS, HTTP, DOM, and user interaction layers, providing detailed reports on potential detection vectors. This allows you to validate your stealth before deploying to production, eliminating guesswork from the evasion process.
Real-World Use Cases Where Hero Dominates
E-Commerce Price Intelligence
Major retailers deploy bot detection that blocks traditional scrapers within minutes. Hero's TLS fingerprinting protection and realistic interaction patterns allow you to monitor competitor pricing across hundreds of product pages without triggering rate limits or CAPTCHAs. The native DOM access makes parsing product listings, extracting variant data, and tracking inventory statuses straightforward, while browser emulation ensures you appear as a legitimate customer browsing from different regions.
SEO Data Collection at Scale
Search engine result pages are notoriously difficult to scrape, with Google and Bing employing some of the most sophisticated anti-bot systems online. Hero's ability to rotate browser fingerprints and mimic human search behavior makes it ideal for collecting SERP data, featured snippet information, and People Also Ask boxes. The Chrome engine ensures JavaScript-rendered results are fully loaded, while the evasion stack prevents the search engines from serving you sanitized or blocked results.
Academic Research and Data Mining
Researchers needing large-scale web corpora often hit roadblocks when websites detect automated access patterns. Hero's realistic browsing signatures and session persistence capabilities enable ethical data collection for academic purposes. Whether you're analyzing news article trends, social media patterns, or archiving web content, Hero's detection avoidance ensures your research isn't skewed by blocked access or served different content than human users receive.
Competitive Intelligence and Market Research
Monitoring competitor websites, tracking industry trends, and aggregating market data requires consistent, reliable access. Hero's plugin system allows you to customize evasion strategies for specific target sites, while the DoubleAgent testing framework validates your approach. The ability to emulate mobile browsers is particularly valuable for understanding how companies optimize their mobile experiences and track mobile-specific pricing strategies.
Ad Verification and Brand Safety
Digital advertisers need to verify their ads appear correctly across different geographies and device types. Hero's browser emulation makes it simple to impersonate users from specific locations, with particular device characteristics, to capture screenshots and verify ad placements. The TLS protection ensures ad networks don't detect and block your verification bots, while the realistic interaction patterns prevent your brand safety checks from being filtered out of analytics.
Step-by-Step Installation & Setup Guide
Quick Start with Hero Playground
For rapid prototyping and simple scripts, the Hero Playground package provides a one-time-use instance that automatically cleans up after execution. This is perfect for testing ideas before committing to a full deployment setup.
# Install the playground package
npm i --save @ulixee/hero-playground
The playground creates a temporary Hero instance that terminates when your script completes. This eliminates manual cleanup and is ideal for cron jobs, serverless functions, or one-off data extraction tasks.
Production Deployment Setup
When you're ready to deploy serious scraping infrastructure, you'll need the full Hero suite. Since Hero is a monorepo using Yarn workspaces, the setup process differs from standard npm packages.
First, clone the repository with submodules to access all components:
# Clone with all submodules
git clone --recursive https://github.com/ulixee/hero.git
cd hero
# Install dependencies and build TypeScript files
yarn install
yarn build
Critical: You must run yarn build after installation to compile the TypeScript source files. Skipping this step results in runtime errors as the JavaScript files won't exist.
Development Environment with Nix
For consistent development across teams, Hero supports a Nix-based development environment that guarantees identical dependency versions.
# 1. Install Nix package manager
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
# 2. Install devenv for sandboxed development
nix-env -iA cachix -f https://cachix.org/api/v1/install
cachix use devenv
nix-env -if https://github.com/cachix/devenv/tarball/latest
# 3. Install direnv for auto-loading (optional but recommended)
brew install direnv # macOS
# or
apt-get install direnv # Ubuntu
# 4. Hook direnv into your shell
# Add to ~/.zshrc or ~/.bashrc:
eval "$(direnv hook zsh)"
# or
eval "$(direnv hook bash)"
Browser Profiles Data Setup
To work with browser profiles and update emulator data, download the profiling dataset:
# Download browser profile data (required for profile work)
yarn workspace @ulixee/unblocked-browser-profiler downloadData
This clones the browser-profile-data repository adjacent to your Hero installation, containing real browser signatures collected from BrowserStack, Docker containers, and local machines. The data includes deep diffs between headed/headless Chrome, various run configurations, and cross-environment comparisons essential for accurate emulation.
REAL Code Examples from the Repository
Basic Scraping with Native DOM Access
This example from the Hero README demonstrates the fundamental advantage: direct DOM manipulation without evaluate callbacks.
const Hero = require('@ulixee/hero-playground');
(async () => {
// Initialize a new Hero instance
const hero = new Hero();
// Navigate to the target page
await hero.goto('https://example.org');
// Access document properties directly - no evaluate() needed!
const title = await hero.document.title;
console.log('Page title:', title);
// Query DOM elements using standard selectors
const intro = await hero.document.querySelector('p').textContent;
console.log('First paragraph:', intro);
// Clean up resources
await hero.close();
})();
Explanation: Unlike Puppeteer where you'd need await page.evaluate(() => document.title), Hero exposes the DOM directly in your NodeJS context. The hero.document object implements the full W3C DOM specification, serializing properties and methods across the browser boundary automatically. This eliminates context switching, reduces code complexity by 40-60%, and makes debugging significantly easier since you're working with familiar APIs.
Advanced Configuration with Browser Emulation
For production scraping, you'll want to configure specific browser fingerprints and evasion plugins.
const Hero = require('@ulixee/hero-full');
const { Chrome80Plugin } = require('@ulixee/unblocked-plugin-chrome80');
(async () => {
// Create Hero instance with custom configuration
const hero = new Hero({
// Use a specific browser emulator
emulator: new Chrome80Plugin({
operatingSystem: 'mac-os', // Emulate MacOS Chrome
viewport: { width: 1440, height: 900 },
userAgent: true, // Use realistic UA string
}),
// Configure stealth plugins
plugins: [
'@ulixee/unblocked-plugin-browser-dom',
'@ulixee/unblocked-plugin-browser-simulation',
'@ulixee/unblocked-plugin-tcp',
],
// Set up proxy for IP rotation
upstreamProxyUrl: 'http://user:pass@proxy-provider.com:8000',
});
// Enable human-like interactions
await hero.emulateHuman();
// Navigate with realistic timing
await hero.goto('https://example.com', {
timeoutMs: 30000,
waitForPaintingStable: true,
});
// Perform human-like scrolling
await hero.scrollTo({ y: 500 });
// Extract data with DOM methods
const links = await hero.document.querySelectorAll('a');
const hrefs = await Promise.all(
links.map(link => link.getAttribute('href'))
);
console.log('Found links:', hrefs);
await hero.close();
})();
Explanation: This advanced example demonstrates Hero's plugin architecture and configuration options. The Chrome80Plugin emulator ensures your scraper matches the exact signature of Chrome 80 on macOS, including subtle timing behaviors and API implementations. The emulateHuman() method activates realistic mouse movements, typing delays, and scroll patterns. The waitForPaintingStable option ensures all visual content has rendered before extraction, critical for sites that load data progressively. The proxy configuration demonstrates how Hero integrates with IP rotation services for large-scale operations.
Working with Browser Profiles and Detection Testing
Hero's DoubleAgent framework lets you test your scraper against real detection engines before deployment.
const { DoubleAgentRunner } = require('@ulixee/double-agent-stacks');
const Hero = require('@ulixee/hero');
(async () => {
// Initialize DoubleAgent to test your Hero configuration
const runner = new DoubleAgentRunner({
heroClass: Hero,
testDomains: ['bot-detection-site.com'],
profileDataDir: '../browser-profile-data',
});
// Run comprehensive detection tests
const results = await runner.runAllTests({
tcpAnalysis: true, // Check TCP fingerprint
tlsAnalysis: true, // Verify TLS handshake looks real
httpAnalysis: true, // Analyze HTTP headers
domAnalysis: true, // Test DOM property consistency
interactionAnalysis: true, // Validate user interaction realism
});
// Review detection scores
console.log('Detection risk score:', results.riskScore);
console.log('Failed checks:', results.failures);
// Iterate on your configuration based on results
if (results.failures.includes('webgl-fingerprint')) {
console.log('Warning: WebGL fingerprint detected as automated');
// Adjust plugins or emulator settings
}
await runner.close();
})();
Explanation: This code showcases Hero's unique testing capabilities. The DoubleAgent framework runs your scraper through a battery of detection tests used by real anti-bot systems. It analyzes your TCP packet timing, TLS cipher suite selection, HTTP header ordering, DOM property values, and interaction patterns. The riskScore provides a quantitative measure of detectability, while the failures array identifies specific weaknesses. This feedback loop allows you to harden your scraper before it encounters production defenses, saving countless hours of debugging mysterious blocks.
Session Management and Cookie Persistence
For scraping that requires login sessions or maintains state across runs:
const Hero = require('@ulixee/hero-playground');
const fs = require('fs').promises;
(async () => {
const hero = new Hero({
// Persist session data to disk
sessionPersistence: {
enabled: true,
directory: './sessions',
name: 'amazon-session',
},
});
// Restore previous session if it exists
const sessionExists = await fs.access('./sessions/amazon-session.json')
.then(() => true).catch(() => false);
if (sessionExists) {
await hero.session.load('./sessions/amazon-session.json');
console.log('Restored previous session');
}
// Perform login (only needed first time)
if (!sessionExists) {
await hero.goto('https://amazon.com');
await hero.emulateHuman();
// Fill login form with realistic typing
const emailField = await hero.document.querySelector('#ap_email');
await hero.type(emailField, 'your-email@example.com', {
delayPerChar: 50 + Math.random() * 100, // Human-like timing
});
await hero.click(await hero.document.querySelector('#continue'));
// ... complete login process
// Save session for next run
await hero.session.save('./sessions/amazon-session.json');
}
// Now scrape with authenticated session
await hero.goto('https://amazon.com/your-orders');
const orders = await hero.document.querySelectorAll('.order');
await hero.close();
})();
Explanation: Session persistence is crucial for scraping authenticated content. Hero's session system captures not just cookies, but localStorage, sessionStorage, IndexedDB, and browser state. The emulateHuman() method combined with realistic typing delays prevents login forms from detecting automated entry. By saving sessions to disk, you avoid re-authenticating on every run, reducing both detection risk (repeated logins are suspicious) and execution time. The session file is encrypted by default, protecting sensitive credentials.
Advanced Usage & Best Practices
Stealth Strategy Layering
Never rely on a single evasion technique. Combine multiple strategies: rotate user agents, vary viewport sizes, randomize interaction timing, and switch between different browser emulators. Hero's plugin system makes this composable—stack plugins for TCP, TLS, DOM, and interaction masking to create a robust defense profile.
Intelligent Request Timing
Implement human-like browsing patterns with random delays between page navigations. Use Hero's built-in emulateHuman() method, but enhance it with custom delays:
// Add random delays between actions
await new Promise(r => setTimeout(r, 2000 + Math.random() * 3000));
await hero.goto(nextUrl);
Proxy Rotation Integration
Combine Hero with residential proxy services for IP diversity. Configure different proxy URLs per browser instance and rotate them regularly. Hero's upstreamProxyUrl option supports SOCKS5, HTTP, and HTTPS proxies with authentication.
Error Handling and Retry Logic
Production scrapers need robust error handling. Wrap Hero operations in try/catch blocks and implement exponential backoff for retries:
async function scrapeWithRetry(hero, url, maxAttempts = 3) {
for (let i = 0; i < maxAttempts; i++) {
try {
return await hero.goto(url);
} catch (error) {
if (i === maxAttempts - 1) throw error;
await new Promise(r => setTimeout(r, 1000 * Math.pow(2, i)));
}
}
}
Resource Management
Always close Hero instances in finally blocks to prevent memory leaks and zombie Chrome processes:
const hero = new Hero();
try {
// Your scraping logic
} finally {
await hero.close();
}
Monitoring and Alerting
Integrate Hero with your monitoring stack. Track metrics like block rate, success rate, average response time, and detection test scores. Set up alerts when your DoubleAgent riskScore exceeds thresholds, indicating it's time to update your evasion plugins.
Comparison with Alternatives
| Feature | Hero | Puppeteer | Playwright | Selenium | Beautiful Soup |
|---|---|---|---|---|---|
| Primary Purpose | Scraping | Testing | Testing | Testing | HTML Parsing |
| TLS Fingerprint Protection | ✅ Built-in | ❌ None | ❌ None | ❌ None | ❌ None |
| Native DOM in NodeJS | ✅ Full W3C | ❌ Evaluate() only | ❌ Evaluate() only | ❌ ExecuteScript() | ✅ N/A |
| Browser Emulation | ✅ Advanced | ❌ Basic | ❌ Basic | ❌ Minimal | ❌ None |
| Detection Testing | ✅ DoubleAgent | ❌ Manual | ❌ Manual | ❌ Manual | ❌ None |
| Performance | ⚡ Chrome engine | ⚡ Chrome engine | ⚡ Multi-engine | 🐌 WebDriver overhead | ⚡ Fast (static) |
| JavaScript Rendering | ✅ Full | ✅ Full | ✅ Full | ✅ Full | ❌ None |
| Plugin Ecosystem | ✅ Unblocked | ❌ Limited | ❌ Limited | ❌ Limited | ❌ None |
| Learning Curve | 🟢 Low | 🟡 Medium | 🟡 Medium | 🔴 High | 🟢 Low |
| Anti-Bot Evasion | ✅ Multi-layer | ❌ Minimal | ❌ Minimal | ❌ Minimal | ❌ None |
Why Choose Hero Over Puppeteer?
While Puppeteer is excellent for testing, it requires manual implementation of evasion techniques that Hero provides out-of-the-box. The puppeteer-extra-plugin-stealth package helps, but it's a patchwork solution that doesn't address TLS fingerprinting or provide comprehensive testing. Hero's architecture assumes evasion is a first-class concern, not an afterthought.
Why Choose Hero Over Playwright?
Playwright's multi-engine support is valuable for testing across browsers, but for scraping, Chrome's dominance means you need the deepest possible Chrome evasion. Hero's Chrome-specific optimizations and browser profile data collection create more convincing emulation than Playwright's generalist approach. Additionally, Hero's DOM API eliminates Playwright's evaluate overhead.
Why Choose Hero Over Beautiful Soup?
Beautiful Soup is fast for static HTML but fails with JavaScript-rendered content. Modern sites require full browser execution. Hero gives you the performance benefits of direct DOM access while still executing JavaScript, offering the best of both worlds for dynamic content.
Frequently Asked Questions
How does Hero's TLS fingerprinting protection actually work?
Hero intercepts TLS handshake negotiations and randomizes cipher suite ordering, extensions, and timing to match real browser signatures. It uses collected data from BrowserStack profiles to ensure your networking stack matches headed Chrome on home operating systems, not headless Linux servers. This prevents network-level fingerprinting that identifies automated tools by their unique TLS handshake patterns.
Is Hero completely undetectable?
No tool is 100% undetectable, but Hero significantly raises the bar. Its multi-layer evasion makes detection exponentially harder and more expensive for websites. The DoubleAgent framework helps you quantify your detection risk and identify weaknesses. Regular updates to the Unblocked plugins ensure Hero adapts as detection methods evolve.
What's the performance overhead compared to raw Puppeteer?
Hero adds minimal overhead—typically 5-10% for DOM serialization and evasion logic. However, this is offset by eliminating expensive evaluate calls and context switches. In practice, many users report faster overall execution due to more efficient data extraction patterns and fewer retries from blocks.
Can Hero handle WebGL and canvas fingerprinting?
Yes. Hero includes plugins that randomize WebGL renderer strings, canvas image data, and audio context fingerprints. These are common advanced detection vectors that many tools miss. The browser profile data includes real WebGL signatures that can be emulated accurately.
Is Hero free to use for commercial projects?
Hero is MIT-licensed, making it free for commercial use. The core engine, plugins, and DoubleAgent framework are all open-source. Ulixee offers enterprise support and managed scraping infrastructure for organizations needing SLA-backed reliability.
How do I contribute new evasion techniques?
The Unblocked plugin architecture welcomes community contributions. Fork the repository, create a new plugin in the ./plugins directory, and submit a pull request. The DoubleAgent tests will validate your plugin's effectiveness. Join the Ulixee Discord to discuss ideas with other contributors.
Does Hero support mobile browser emulation?
Absolutely. Hero's emulator system includes profiles for mobile Chrome and Safari on iOS and Android. You can configure viewport, touch events, device orientation, and mobile-specific APIs. This is essential for scraping mobile-optimized sites or testing responsive designs.
Conclusion: Why Hero Represents the Future of Web Scraping
Ulixee Hero isn't just another headless browser—it's a fundamental reimagining of what a scraping tool should be. By treating evasion as a core architectural concern rather than an optional plugin, Hero solves problems that have plagued developers for years. The native DOM implementation alone eliminates countless hours of debugging evaluate callbacks and context switching errors.
What truly sets Hero apart is its scientific approach to detection avoidance. The DoubleAgent framework transforms evasion from black magic into measurable engineering. Instead of guessing whether your scraper will be blocked, you can quantify your risk and iteratively improve your stealth profile. This data-driven methodology represents a maturity leap for the scraping ecosystem.
The open-source plugin architecture ensures Hero will continue evolving as detection methods advance. Community contributions create a collective defense against anti-bot systems, benefiting everyone. Whether you're a solo developer extracting data for a side project or an enterprise running large-scale intelligence operations, Hero provides the tools to succeed where other browsers fail.
Ready to revolutionize your web scraping? Visit the official Hero repository to get started, explore the documentation at ulixee.org, and join the Discord community to connect with other developers pushing the boundaries of what's possible in automated data extraction. The web is open knowledge—Hero ensures you can access it.
