HAProxy - JA4H HTTP Client-Fingerprint - Lua Plugin

February 27, 2026 ยท View on GitHub


You need to run HAProxy 2.9 or higher to use this plugin!

If the needed features are not yet available in your version - it will fail with the error attempt to call a nil value (method 'req_cook_names')

Test it: fingerprint.oxl.app


Intro

About JA4:

About JA3:

Browser Fingerprinting:


Usage

  • Add the LUA script ja4h.lua to your system.

Config

  • Load the LUA module with lua-load /etc/haproxy/lua/ja4h.lua
  • Execute the LUA script on HTTP requests: http-request lua.fingerprint_ja4h
  • Log the fingerprint: http-request capture var(txn.fingerprint_ja4h) len 51

License

This script is licensed under the MIT-license and thus is free to use.

But the JA4H algorithm has some usage-limitations - see: FoxIO-LLC/ja4 & JA4+ FoxIO License


Contribute

If you have:

Please read the JA4H TLS details!

Available HTTP-fetches are: HAProxy HTTP fetches

Testing

Example:

FINGERPRINT
ge20cn16enus_38f13b2c1334_1b82fc6e2b78_60837532b357

DEBUG
ge_20_c_n_16_enus_accept,accept-encoding,accept-language,cache-control,cookie,host,priority,sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sec-fetch-user,upgrade-insecure-requests,user-agent_abc,def_abc=test,def=me

Docker

If you prefer to use Docker, the manual steps can be skipped. Run the docker container from the project root and access http://localhost:6969

docker compose -f test/docker-compose.yaml up --build --watch

--watch will automatically rebuild the container on changes

Local

WARNING: You need to run a version of HAProxy >=2.9 or master

  • Run: bash test/run.sh

  • Access the test website: http://localhost:6969/

  • Or query the API: curl -v https://localhost:6969/api

    {
      "fingerprint": "ge11nn14enus_1e32c07f0ac0_000000000000_000000000000",
      "details": "ge_11_n_n_14_enus_accept,accept-encoding,accept-language,cache-control,host,sec-ch-ua,sec-ch-ua-mobile,sec-ch-ua-platform,sec-fetch-dest,sec-fetch-mode,sec-fetch-site,sec-fetch-user,upgrade-insecure-requests,user-agent__"
    }
    

Exit with CTRL+C