Some websites use Web Application Firewalls (WAF) or bot protection services that block automated HTTP requests. When this happens, WebMon’s standard checks receive 403, 429, or 503 responses and the monitor shows a "Blocked" status. Browser Mode solves this by using a real headless Chrome browser to load the page, just like a human visitor would.
How Browser Mode Works
Instead of making a simple HTTP request, Browser Mode launches a headless Chrome browser that:
- Renders JavaScript — passes JS-based challenges and bot detection
- Follows JS redirects — detects redirects that only happen via JavaScript or meta refresh tags
- Renders the full DOM — scans content as it actually appears to visitors
- Handles cookies and sessions — completes multi-step challenge flows
Automatic WAF Detection
WebMon automatically detects when a site is protected by a WAF. When a check receives a blocked response (403/429/503) along with known WAF headers, WebMon will:
- Flag the response as WAF detected
- Automatically retry the check using headless Chrome (if available)
- Set a needs_browser flag on the monitor so future checks go straight to browser rendering
- After 7 days, the flag is automatically cleared to retest with regular HTTP — if the WAF is still active, the flag is set again
Supported WAF Providers
WebMon detects protection from these providers:
- Cloudflare — Bot Fight Mode, Under Attack Mode, JS challenges
- Sucuri — Website firewall and DDoS protection
- Akamai — Enterprise CDN and security
- AWS WAF — Amazon Web Services firewall
- Other challenge pages detected by content patterns
Browser Mode in Tools
Three tools in WebMon support an optional Browser Mode toggle:
Redirect Checker
With Browser Mode enabled, the redirect checker follows JavaScript redirects and meta refresh tags that regular HTTP cannot detect. This is useful for sites that use JS-based redirect chains.
Content Checker
With Browser Mode enabled, the content checker hashes the fully rendered DOM instead of the raw HTML source. This gives you a more accurate picture of what visitors actually see and detects changes in dynamically loaded content.
Security Scanner
With Browser Mode enabled, the security scanner analyzes the rendered page content. This catches security issues in dynamically generated content that might not appear in the raw HTML source.
Check History Badges
In your monitor’s check history, you may see these indicators:
- WAF Detected — the check triggered a WAF response
- Browser Rendered — the check was completed using headless Chrome
- Needs Browser — the monitor is flagged to use browser rendering for future checks
Limitations
- Browser rendering is slower than regular HTTP checks (typically 3–10 seconds vs under 1 second)
- Browser rendering uses more server resources than standard checks
- Some advanced bot protection (e.g., CAPTCHAs, interactive challenges) cannot be bypassed even with a real browser
- Browser Mode availability depends on server configuration
If your monitor is still showing as "Blocked" even with browser rendering, the site may require human interaction (like solving a CAPTCHA). In these cases, please contact us for assistance.