JA3/JA4 fingerprint
JA3 ↗ and JA4 ↗ fingerprints help you profile specific SSL/TLS clients across different destination IPs, Ports, and X509 certificates.
JA4 fingerprint adds new functionality by sorting ClientHello extensions and reducing the total number of unique fingerprints for modern browsers.
If you want to use JA4 fingerprints and Signals Intelligence, your Workers script must be able to handle the absence of any field in the array, including:
- The possibility that the JA4 fingerprint could be missing.
- The possibility that the ja4Signalsarray could be missing.
- Results with NaNorInfinityvalues will be excluded from the array.
{  "ja4Signals": {    "h2h3_ratio_1h": 0.98826485872269,    "heuristic_ratio_1h": 7.288895722013e-05,    "reqs_quantile_1h": 0.99905741214752,    "uas_rank_1h": 901,    "browser_ratio_1h": 0.93640440702438,    "paths_rank_1h": 655,    "reqs_rank_1h": 850,    "cache_ratio_1h": 0.18918327987194,    "ips_rank_1h": 662,    "ips_quantile_1h": 0.99926590919495  },  "jaSignalsParsed": {    "ratios": {      "h2h3_ratio_1h": 0.98826485872269,      "heuristic_ratio_1h": 7.288895722013e-05,      "browser_ratio_1h": 0.93640440702438,      "cache_ratio_1h": 0.18918327987194    },    "ranks": {      "uas_rank_1h": 901,      "paths_rank_1h": 655,      "reqs_rank_1h": 850,      "ips_rank_1h": 662    },    "quantiles": {      "reqs_quantile_1h": 0.99905741214752,      "ips_quantile_1h": 0.99926590919495    }  }}When JA4 Signals are missing, the output appears as follows:
{  "ja4Signals": {},  "jaSignalsParsed": {    "ratios": {},    "ranks": {},    "quantiles": {}  }}The JA3/JA4 fingerprint can be null or empty in some cases. The most common case is for HTTP requests because JA3 and JA4 are calculated in TLS. It can also be empty due to the Worker sending requests within the same zone or to a zone that is not proxied (or a third party).
Orange to Orange (O2O) should not cause null or empty JA3 or JA4 fingerprints, unless the eyeball zone is routing traffic to the target zone using a Worker.
To get more information about potential bot requests, use these JA3 and JA4 fingerprints in:
- Bot Analytics
- Security Events and Security Analytics
- Analytics GraphQL API, specifically the HTTP Requests dataset
- Logs
To adjust how your application responds to specific fingerprints, use them with:
A group of similar requests may share the same JA3 fingerprint. For this reason, JA3 may be useful in blocking an incoming threat. For example, if you notice that a bot attack is not caught by existing defenses, create a custom rule that blocks or challenges the JA3 used for the attack.
Alternatively, if existing defenses are blocking traffic that is actually legitimate, create a custom rule with the Skip action allowing the JA3 seen across good requests.
JA3 may also be useful if you want to immediately remedy false positives or false negatives with Bot Management.
Often, mobile application traffic will produce the same JA3 fingerprint across devices and users. This means you can identify your mobile application traffic by its JA3 fingerprint.
Use the JA3 fingerprint to allow traffic from your mobile application, but block or challenge remaining traffic.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Directory
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- © 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark