TLS Fingerprinting (JA3/JA4)
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://statuscodefyi.com/iframe/glossary/tls-fingerprinting/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/tls-fingerprinting/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/tls-fingerprinting/)Use the native HTML custom element.
A passive network analysis technique that creates a hash fingerprint of a TLS ClientHello message by extracting fields such as TLS version, cipher suites, extensions, elliptic curves, and point formats. JA3 (2017) produces a 32-character MD5 hash; JA4 (2023) improves on JA3 with a more stable, structured fingerprint resistant to trivial evasion. Because a client's TLS stack is consistent across connections, fingerprints reliably identify client libraries (curl, Python requests, Chrome) and are widely used for bot detection, threat hunting, and network traffic classification without decrypting the payload.