CDP Detection
CDP detection is the identification of browsers being controlled through the Chrome DevTools Protocol, the low-level interface many automation tools use to drive Chromium. Its presence is a strong indicator that a session is scripted rather than driven by a human.
How CDP Detection works
The Chrome DevTools Protocol, or CDP, is the interface that lets external programs inspect and control a Chromium browser. Popular automation frameworks connect over CDP to navigate pages, evaluate JavaScript, intercept network requests, and read the DOM. Because it is powerful and well supported, CDP has become the default control channel for headless and headful automation of Chromium.
When a browser is driven over CDP, the act of instrumentation leaves observable side effects. Certain runtime behaviors change, specific objects and hooks appear, and the browser exposes characteristics associated with an attached debugging session. Detection scripts probe for these effects, for example by observing how the environment reacts to operations that behave differently when a CDP client is listening.
Attackers respond by patching the browser build or the automation library to suppress the most obvious tells. This turns CDP detection into an ongoing contest: as public evasions circulate, detectors add new probes that catch the side effects the evasions fail to hide. Robust detection therefore relies on multiple independent CDP indicators rather than a single check that can be individually patched.
Because CDP is specific to Chromium-based browsers, its signals are combined with broader automation and environment checks. A session that shows CDP artifacts alongside other automation markers is far more confidently classified than one relying on any single tell, which keeps false positives low for ordinary users who never trigger these signals.
Why CDP Detection matters for fraud prevention
CDP is the control layer beneath a large share of modern automated abuse, so detecting it directly targets the mechanism attackers depend on rather than the disguise they present. Catching CDP-driven sessions exposes sophisticated bots that have already spoofed their user agent and fingerprint but cannot fully hide the way their browser is being remotely operated. It is a high-value signal precisely because the control channel is hard to remove without breaking the automation.
How TRACIO handles it
TRACIO Bot Detection includes checks for the artifacts left by CDP-based control and weighs them alongside other automation and environment signals when forming its verdict. This lets the platform flag scripted Chromium sessions even when their declared identity looks entirely ordinary. The finding is exposed through Smart Signals so teams can see why a session was judged automated and choose the appropriate response.
Related terms
Frequently asked questions
Identify every device with confidence
Start with a free plan of 2,500 API calls per month. No credit card required.