Masquerade Spoofer

About

Masquerade Spoofer - Advanced HTTP Header Spoofing

Masquerade Spoofer lets you completely change how websites see your browser. Instead of just swapping the User-Agent string like most extensions, it spoofs the entire HTTP header stack across 7 layers - making your disguise actually convincing.

WHY THIS MATTERS

Modern fingerprinting doesn't just look at your User-Agent. It cross-references Client Hints, Accept headers, encoding support, screen information, network speed, and more. If your UA says "Firefox on Linux" but your Client Hints say "Chrome on Windows", you're instantly flagged. Masquerade Spoofer is the only extension that addresses all of these layers together and tells you when something doesn't match.

WHAT YOU CAN SPOOF

Standard Headers
- User-Agent (1,058 presets across 95 categories)
- Accept-Language (30+ language presets)
- Accept and Accept-Encoding (browser-accurate formats)
- Referer, Origin, DNT

Client Hints (the big leak most extensions miss)
- Sec-Ch-Ua (browser brand and version)
- Sec-Ch-Ua-Mobile (mobile vs desktop flag)
- Sec-Ch-Ua-Platform (operating system)
- Sec-Ch-Ua-Platform-Version, Full-Version-List, Arch, Bitness, Model
- Option to strip all Client Hints entirely (correct for Firefox/Safari spoofing)

Device and Screen
- Viewport width and height
- Device Pixel Ratio (DPR)
- Device Memory
- 16 visual device presets

Network Profile (unique to this extension)
- ECT (Effective Connection Type): 4g, 3g, 2g, slow-2g
- Downlink speed in Mbps
- RTT (round-trip latency in ms)
- Save-Data flag
- Why it matters: a "mobile user in Brazil" with 100 Mbps and 2ms latency is obviously fake

Fetch Metadata
- Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site

IP Origin Spoofing
- X-Forwarded-For, X-Real-IP, CF-Connecting-IP, True-Client-IP
- Country picker with 24 countries and realistic IP generation
- Sync toggle to keep all four headers matched
- Randomize button for new IPs from the same country

Custom Headers
- Add any header name/value pair you need

ONE-CLICK QUICK IDENTITY PRESETS

20 presets that fill every single field coherently - not just the UA, but all Client Hints, Accept format, encoding, screen size, network speed, geographic IP, and DNT. Each preset scores 100% on the consistency checker.

FINGERPRINT CONSISTENCY CHECKER

The Active tab shows a score from 0% to 100% with 23 automated checks:

- Does your UA match your Client Hints browser brand?
- Are you sending Client Hints for a browser that doesn't use them?
- Does your platform hint match the OS in your UA?
- Is your mobile flag consistent with your UA?
- Do Chrome version numbers match between UA and hints?
- Does your Accept header format match your claimed browser?
- Is your Accept-Encoding plausible?
- Does your language match your IP country?
- Are all four IP headers using the same address?
- Is your CPU architecture plausible for your device?
- Is the device model appropriate for mobile vs desktop?
- Is your bitness consistent?
- Are Sec-Fetch headers coherent with each other?
- Does your viewport size match your device type?
- Is your pixel ratio plausible?
- Is your device memory realistic?
- Are ECT, downlink, and RTT internally consistent?
- Is your network speed plausible for your geographic region?
- Is your IP format valid?
- How complete is your overall spoofing coverage?

Each check shows a green pass, yellow warning, or red fail with a specific explanation of what's wrong and how to fix it.

PER-SITE PROFILE ROUTING

Assign different spoofing profiles to different websites simultaneously. Browse Google as Chrome on Windows, Amazon as Firefox on Linu...
Each site rule uses its own profile with independent headers.

1,058 USER-AGENT PRESETS

Searchable database covering:
- Every major browser on every platform
- 40+ phone brands with real model numbers
- Game consoles 
- Smart TVs 
- E-readers, smartwatches, VR headsets, car infotainment
- Cloud SDKs 
- DevOps tools 
- CI/CD systems 
- IDEs 
- Microsoft Office 
- API tools 
- Package managers 
- Payment APIs 
- Database clients 
- Monitoring
- Bots and crawlers 
- Vintage browsers
- And much more

PROFILE MANAGEMENT

- Create, rename, duplicate, and delete profiles
- Import and export all profiles as JSON
- Right-click context menu to toggle spoofing or switch profiles
- Per-profile domain filtering (all sites, only listed domains, all except listed)
- Persistent storage across browser restarts

PRIVACY AND PERMISSIONS

Masquerade Spoofer uses Chrome's declarativeNetRequest API to modify headers at the network level. No data is collected, no external servers are contacted, everything runs locally in your browser.

Permissions used:
- declarativeNetRequest: modify HTTP request headers
- storage: save your profiles and settings locally
- contextMenus: right-click menu for quick access
- tabs: open the verification page

LIMITATIONS

- Does not spoof JavaScript APIs (navigator.userAgent, screen.width, etc.)
- Does not modify TLS/JA3 fingerprints
- Does not block WebRTC IP leaks (use a separate extension or VPN)
- IP origin headers are advisory and not trusted by all servers
- For real IP masking, combine with a VPN or proxy

Open source: github.com/mthcht/Masquerade-Spoofer