This probe is intentionally single-session. It does not compare different tabs, because in your browser each tab is a different storage/proxy identity by design. Instead it checks whether one session stays internally coherent across page, same-origin frame, dedicated worker, shared worker, and service worker for the surfaces that anti-bot systems care about most: canvas, WebGL, audio, timezone, language, UA-CH, webdriver, WebRTC candidate leakage, permissions, and obvious prototype tampering.
- Page vs same-origin frame should normally match on all major surfaces.
- Missing request headers in worker contexts are not treated as bugs by themselves.
- `BAD` is reserved for real same-session inconsistencies or high-signal browser integrity problems.
- `WARN` is used for worker-vs-window drift or suspicious surfaces that need manual interpretation.
- Canvas/WebGL/audio differences inside one session are much more suspicious than differences across isolated tabs.
- "patched" in the tamper table does not automatically mean "bad"; it means the site can probably detect a shim.
No run yet.