You send a screenshot request. Instead of the page, you get a Cloudflare challenge screen, a blank page, or a "Please verify you're human" message. Sound familiar?

This happens because many websites detect headless browsers and block them. Here's how to get around it with SnapSharp's stealth mode and proxy support.

Why screenshots fail on protected sites

Headless Chrome leaks signals that bot detectors catch:

navigator.webdriver is true (real browsers: false)
navigator.plugins is empty (real browsers: 3–5 plugins)
WebGL reports "Google SwiftShader" (a headless-only GPU)
Canvas fingerprint is deterministic (real browsers: varies)
window.chrome runtime object is missing

Bot detection services like Cloudflare, DataDome, and PerimeterX check these signals and block requests that fail.

Solution 1: Stealth mode

SnapSharp's stealth mode patches all 7 detection vectors automatically:

curl "https://api.snapsharp.dev/v1/screenshot\
  ?url=https://protected-site.com\
  &stealth=true" \
  -H "Authorization: Bearer sk_live_..." \
  -o screenshot.png

What it patches:

Signal	What stealth does
`navigator.webdriver`	Set to `false`
`navigator.plugins`	Populated with realistic plugin list
`navigator.languages`	Set to `["en-US", "en"]`
WebGL vendor/renderer	Spoofed to real Intel GPU strings
Canvas fingerprint	Randomized per session
Audio context	Randomized fingerprint
Chrome runtime	Realistic `window.chrome` object

This bypasses approximately 70% of bot detectors, including basic Cloudflare, DataDome, and fingerprint.js checks.

Solution 2: Stealth + proxy

Some sites also block by IP. Datacenter IP ranges are well-known, so even with stealth, requests from cloud providers get flagged.

Combine stealth with your own proxy for maximum bypass:

curl -X POST "https://api.snapsharp.dev/v1/screenshot" \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://heavily-protected-site.com",
    "stealth": true,
    "proxy": "http://user:[email protected]:8080",
    "user_agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36"
  }' -o screenshot.png

Recommended proxy providers

SnapSharp uses a BYO (Bring Your Own) proxy model — connect any proxy you already have:

Bright Data — residential proxies in 195 countries
Oxylabs — datacenter and ISP proxies
Smartproxy — rotating residential proxies

Supported protocols: http://, https://, socks5://.

Solution 3: Add a delay + wait

Sometimes the page loads fine but needs time to render past a JavaScript challenge:

curl "https://api.snapsharp.dev/v1/screenshot\
  ?url=https://slow-challenge-site.com\
  &stealth=true\
  &delay=3000\
  &wait_until=networkidle" \
  -H "Authorization: Bearer sk_live_..." \
  -o screenshot.png

The delay=3000 gives the challenge page 3 seconds to resolve before capturing.

Using the SDK

import { SnapSharp } from '@snapsharp/sdk';

const snap = new SnapSharp(process.env.SNAPSHARP_API_KEY!);

const image = await snap.screenshot('https://protected-site.com', {
  stealth: true,
  proxy: 'socks5://user:[email protected]:1080',
  userAgent: 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)...',
  delay: 2000,
});

What stealth can't bypass

Be realistic about what stealth mode can and can't do:

Works on: Basic Cloudflare, DataDome (standard), fingerprint.js, most custom detectors
Doesn't work on: CAPTCHAs, login-gated content, Cloudflare Turnstile, advanced DataDome (requires real browser sessions)
Doesn't fix: IP-based WAF blocking (use a proxy for that)

For sites that require solving CAPTCHAs, you'll need a dedicated web scraping solution — that's outside the scope of a screenshot API.

Availability

Stealth mode and proxy support require a Growth plan or above ($49/mo). View plans →

No. Turnstile is a managed CAPTCHA challenge that requires solving interactive puzzles or passing behavioral analysis that headless browsers cannot fake. Stealth mode patches fingerprint signals (seven of them), but Turnstile is a separate layer. For Turnstile-protected pages, you need either a CAPTCHA-solving service or authenticated session cookies.

Is it legal to use stealth mode to screenshot protected sites?

Stealth mode is a tool — legality depends on what you do with it. Screenshotting your own sites, public pages with terms of service that permit automation, or sites you have explicit permission to monitor is generally fine. Scraping sites in violation of their ToS or copyright is not. Always check the target site's robots.txt and Terms of Service.

Why do I still see a Cloudflare challenge with stealth mode enabled?

Three common reasons: (1) datacenter IP — add a residential or ISP proxy via the proxy parameter; (2) the page uses Cloudflare Bot Fight Mode with managed challenges — try delay=5000 to let JS challenges resolve; (3) the site uses advanced fingerprinting beyond the standard seven vectors. Stealth handles ~70% of cases — the other 30% need tailored solutions.

Can I use my own proxy with SnapSharp?

Yes. SnapSharp uses a BYO proxy model — pass any http://, https://, or socks5:// URL with credentials via the proxy parameter. We recommend residential proxies from Bright Data, Oxylabs, or Smartproxy for sites that block datacenter IPs. See Stealth & Proxy docs for the full list of supported formats.

What's the performance cost of stealth mode?

Stealth adds ~200–400 ms per request because SnapSharp injects patches into every page context before navigation. Combined with a proxy (which adds network latency based on location), expect total request time of 4–8 seconds vs. 2–3 seconds without. Use caching aggressively — same URL + params = instant cache hit.

Does stealth mode work with `full_page=true` and other parameters?

Yes. Stealth is orthogonal to capture options — it affects only the browser fingerprint, not what or how the page is rendered. You can combine stealth=true with full_page, dark_mode, block_ads, retina, selector, and any other screenshot parameter.

How to Screenshot Sites That Block Bots (Stealth Mode + Proxy)