arn-browser 0.1.18 → 0.1.20

package/bin/install.js

@@ -29,14 +29,14 @@ import { createWriteStream } from "fs";
 
 const BRAVE_URLS = {
 	linux: {
-		x64: "https://github.com/brave/brave-browser/releases/download/v1.87.192/brave-browser-1.87.192-linux-amd64.zip",
-		arm64: "https://github.com/brave/brave-browser/releases/download/v1.87.192/brave-browser-1.87.192-linux-arm64.zip",
+		x64: "https://github.com/brave/brave-browser/releases/download/v1.88.134/brave-browser-1.88.134-linux-amd64.zip",
+		arm64: "https://github.com/brave/brave-browser/releases/download/v1.88.134/brave-browser-1.88.134-linux-arm64.zip",
 	},
 	darwin: {
-		arm64: "https://github.com/brave/brave-browser/releases/download/v1.87.192/Brave-Browser-arm64.dmg",
+		arm64: "https://github.com/brave/brave-browser/releases/download/v1.88.134/Brave-Browser-arm64.dmg",
 	},
 	win32: {
-		x64: "https://github.com/brave/brave-browser/releases/download/v1.87.192/brave-v1.87.192-win32-x64.zip",
+		x64: "https://github.com/brave/brave-browser/releases/download/v1.88.134/brave-v1.88.134-win32-x64.zip",
 	}
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "arn-browser",
-	"version": "0.1.18",
+	"version": "0.1.20",
 	"description": "A lightweight, browser autmation helper.",
 	"main": "src/index.js",
 	"types": "src/index.d.ts",
@@ -12,21 +12,21 @@
 		"test": "test"
 	},
 	"dependencies": {
-		"@aws-sdk/client-ec2": "^3.953.0",
+		"@aws-sdk/client-ec2": "^3.1015.0",
 		"@ghostery/adblocker": "^2.13.0",
 		"arn-knexjs": "^0.0.3",
-		"camoufox-js": "^0.9.1",
+		"camoufox-js": "^0.9.3",
 		"dotenv": "^17.2.3",
 		"fingerprint-generator": "^2.1.78",
 		"fingerprint-injector": "^2.1.78",
-		"https-proxy-agent": "^7.0.6",
+		"https-proxy-agent": "^8.0.0",
 		"node-cache": "^5.1.2",
 		"node-fetch": "^3.3.2",
 		"playwright-core": "1.42.1",
 		"proxy-chain": "^2.6.0",
-		"puppeteer-core": "^24.38.0",
+		"puppeteer-core": "^24.40.0",
 		"randomstring": "^1.3.1",
-		"socks-proxy-agent": "^8.0.5",
+		"socks-proxy-agent": "^9.0.0",
 		"speakeasy": "^2.0.0",
 		"superagent": "^10.2.3"
 	},
@@ -34,7 +34,8 @@
 		"arn-browser": "bin/cli.js"
 	},
 	"scripts": {
-		"test": "echo \"Error: no test specified\" && exit 1"
+		"test": "echo \"Error: no test specified\" && exit 1",
+		"postinstall": "npm install playwright-core@1.42.1 --no-save"
 	},
 	"keywords": [
 		"browser",

package/src/utility/playwright/pwLaunch.d.ts

@@ -110,10 +110,12 @@ export interface MultiloginOptions {
 	audio_masking?: boolean;
 
 	/**
-	 * Multilogin flag: Custom screen resolution.
-	 * Default: false
+	 * Multilogin flag: Screen resolution masking.
+	 * true = randomize screen resolution ("mask")
+	 * false = use real screen resolution ("natural")
+	 * Default: true
 	 */
-	custom_screen?: boolean;
+	screen_masking?: boolean;
 }
 
 /**
@@ -192,9 +194,12 @@ export interface PwLaunchOptions {
 	 * Configuration for browser fingerprint spoofing.
 	 * 
 	 * - `false`: No fingerprint spoofing (default)
-	 * - `true`: Spoof fingerprint with viewport: null (maximized window)
-	 * - `{ minWidth?, maxWidth?, minHeight?, maxHeight? }`: Spoof fingerprint with screen constraints
-	 *   and use the generated screen dimensions as viewport.
+	 * - `true`: Spoof fingerprint with defaults (detected OS, auto device, viewport: null)
+	 * - `object`: Spoof fingerprint with optional overrides
+	 * 
+	 * Device type is auto-determined from OS:
+	 * - `"windows"`, `"macos"`, `"linux"` → desktop
+	 * - `"android"`, `"ios"` → mobile
 	 * 
 	 * **For persistent Brave profiles:** The value is locked on first launch.
 	 * Subsequent launches will use the saved value, ignoring the current parameter.
@@ -204,15 +209,39 @@ export interface PwLaunchOptions {
 	 * spoof_fingerprint: true
 	 * 
 	 * @example
-	 * // Spoof with specific screen constraints
-	 * spoof_fingerprint: { minWidth: 1366, maxWidth: 1920, minHeight: 768 }
+	 * // Spoof as Windows
+	 * spoof_fingerprint: { os_type: "windows" }
+	 * 
+	 * @example
+	 * // Random OS per launch
+	 * spoof_fingerprint: { os_type: ["windows", "macos"] }
+	 * 
+	 * @example
+	 * // Mixed desktop + mobile
+	 * spoof_fingerprint: { os_type: ["windows", "android"] }
 	 * 
 	 * Default: false
 	 */
 	spoof_fingerprint?: boolean | {
+		/**
+		 * Override the OS for fingerprint generation.
+		 * Can be a single value or array (random pick per launch).
+		 * Device type is auto-determined: windows/macos/linux → desktop, android/ios → mobile
+		 * Default: detected OS of the machine
+		 */
+		os_type?: ("windows" | "macos" | "linux" | "android" | "ios") | ("windows" | "macos" | "linux" | "android" | "ios")[];
+		/**
+		 * Minimum browser version for fingerprint generation.
+		 * Default: 141
+		 */
+		minBrowserVersion?: number;
+		/** Minimum screen width constraint */
 		minWidth?: number;
+		/** Maximum screen width constraint */
 		maxWidth?: number;
+		/** Minimum screen height constraint */
 		minHeight?: number;
+		/** Maximum screen height constraint */
 		maxHeight?: number;
 	};
 

package/src/utility/playwright/pwLaunch.js

@@ -37,6 +37,10 @@ const osMap = {
 };
 const detectedOs = osMap[process.platform] || "windows";
 
+// Default minimum browser versions for fingerprint generation
+const DEFAULT_MIN_CHROME_VERSION = 141;
+const DEFAULT_MIN_FIREFOX_VERSION = 141;
+
 const MULTILOGIN_LAUNCHER_URL = "https://launcher.mlx.yt:45001";
 const MULTILOGIN_FOLDER_ID = "bad9e7e1-cfab-4c8d-bd19-91aa82929711";
 
@@ -227,36 +231,80 @@ function cleanUpProfiles(skipPath) {
 	scanDir(TEMP_DIR);
 }
 
+/**
+ * Maps OS to its device type.
+ */
+const OS_TO_DEVICE = {
+	windows: "desktop",
+	macos: "desktop",
+	linux: "desktop",
+	android: "mobile",
+	ios: "mobile",
+};
+
 /**
  * Helper to generate consistent fingerprint options.
  * @param {string} browserType - 'chromium' | 'firefox' | 'brave'
- * @param {object|null} screenOptions - Optional screen constraints { minWidth, maxWidth, minHeight, maxHeight }
+ * @param {object|null} spoofOptions - Options from spoof_fingerprint (null if boolean true)
+ *   Supported properties:
+ *   - os_type: string | string[]  — e.g. "windows" or ["windows", "macos"]. Default: detectedOs
+ *   - minBrowserVersion: number — minimum browser version for fingerprint. Default: 141
+ *   - minWidth, maxWidth, minHeight, maxHeight: screen constraints
  */
-function getFingerprintConfig(browserType, screenOptions = null) {
+function getFingerprintConfig(browserType, spoofOptions = null) {
+	let selectedOs = detectedOs;
+	let selectedDevice = OS_TO_DEVICE[detectedOs] || "desktop";
+
+	if (spoofOptions && typeof spoofOptions === 'object' && spoofOptions.os_type) {
+		const osList = Array.isArray(spoofOptions.os_type) ? spoofOptions.os_type : [spoofOptions.os_type];
+
+		if (osList.length === 0) {
+			throw new Error(`░░░░░ [Fingerprint] os_type array is empty.`);
+		}
+
+		// Validate all values
+		for (const os of osList) {
+			if (!OS_TO_DEVICE[os]) {
+				throw new Error(
+					`░░░░░ [Fingerprint] Unknown os_type: "${os}".\n` +
+					`   Supported: "windows", "macos", "linux" (desktop), "android", "ios" (mobile)`
+				);
+			}
+		}
+
+		// Random pick one
+		selectedOs = osList[Math.floor(Math.random() * osList.length)];
+		selectedDevice = OS_TO_DEVICE[selectedOs];
+	}
+
+	const minVersion = (spoofOptions && typeof spoofOptions === 'object' && spoofOptions.minBrowserVersion) || (browserType === "firefox" ? DEFAULT_MIN_FIREFOX_VERSION : DEFAULT_MIN_CHROME_VERSION);
+
 	const config = {
-		devices: ["desktop"],
-		operatingSystems: [detectedOs],
+		devices: [selectedDevice],
+		operatingSystems: [selectedOs],
 		locales: ["en-US"],
 		browsers: [],
 		screen: {},
 	};
 
 	if (browserType === "chromium") {
-		config.browsers.push({ name: "chrome", minVersion: 141 });
+		config.browsers.push({ name: "chrome", minVersion });
 	} else if (browserType === "firefox") {
-		config.browsers.push({ name: "firefox", minVersion: 141 });
+		config.browsers.push({ name: "firefox", minVersion });
 	} else if (browserType === "brave") {
-		config.browsers.push({ name: "chrome", minVersion: 141 });
+		config.browsers.push({ name: "chrome", minVersion });
 	}
 
 	// Apply screen filter options if provided
-	if (screenOptions && typeof screenOptions === 'object') {
-		if (screenOptions.minWidth) config.screen.minWidth = screenOptions.minWidth;
-		if (screenOptions.maxWidth) config.screen.maxWidth = screenOptions.maxWidth;
-		if (screenOptions.minHeight) config.screen.minHeight = screenOptions.minHeight;
-		if (screenOptions.maxHeight) config.screen.maxHeight = screenOptions.maxHeight;
+	if (spoofOptions && typeof spoofOptions === 'object') {
+		if (spoofOptions.minWidth) config.screen.minWidth = spoofOptions.minWidth;
+		if (spoofOptions.maxWidth) config.screen.maxWidth = spoofOptions.maxWidth;
+		if (spoofOptions.minHeight) config.screen.minHeight = spoofOptions.minHeight;
+		if (spoofOptions.maxHeight) config.screen.maxHeight = spoofOptions.maxHeight;
 	}
 
+	if (_launchLogs) console.log(`░░░░░ Fingerprint config: OS=${selectedOs}, Device=${selectedDevice}, Browser=${browserType}`);
+
 	return config;
 }
 
@@ -280,8 +328,11 @@ export async function pwLaunch({
 
 	// Spoof Fingerprint
 	// - false: No spoofing
-	// - true: Spoof fingerprint with viewport: null (no screen constraint)
-	// - { minWidth?, maxWidth?, minHeight?, maxHeight? }: Spoof with screen constraints
+	// - true: Spoof fingerprint with defaults (detectedOs, auto device, viewport: null)
+	// - object: Spoof with overrides:
+	//     os_type?: string | string[] (e.g. "windows" or ["windows", "macos"]) — random pick if multiple
+	//     minBrowserVersion?: number — minimum browser version (default: 141)
+	//     minWidth?, maxWidth?, minHeight?, maxHeight?: screen constraints
 	spoof_fingerprint = false,
 
 	// Browser Specific Grouped Options
@@ -441,15 +492,13 @@ async function chromiumLauncher({ profilePath, proxy, timezoneId, CapSolver, hum
 	const proxyObj = formatProxy(proxy);
 	const tz = timezoneId || undefined;
 
-	// Determine screen options from spoof_fingerprint if it's an object
-	const screenOptions = (spoof_fingerprint && typeof spoof_fingerprint === 'object') ? spoof_fingerprint : null;
-
 	// ==================================================================
 	// BRANCH A: TEMP PROFILE (launch + newInjectedContext)
 	// ==================================================================
 	if (!isPersistent) {
 		try {
-			const fpConfig = getFingerprintConfig("chromium", screenOptions);
+			const spoofOptions = (spoof_fingerprint && typeof spoof_fingerprint === 'object') ? spoof_fingerprint : null;
+			const fpConfig = getFingerprintConfig("chromium", spoofOptions);
 			const fingerprintData = new FingerprintGenerator().getFingerprint(fpConfig);
 
 			// Launch standard browser (not persistent context)
@@ -558,9 +607,6 @@ async function firefoxLauncher({ profilePath, proxy, timezoneId, humanize_option
 	const proxyObj = formatProxy(proxy);
 	const tz = timezoneId || undefined;
 
-	// Determine screen options from spoof_fingerprint if it's an object
-	const screenOptions = (spoof_fingerprint && typeof spoof_fingerprint === 'object') ? spoof_fingerprint : null;
-
 	// Firefox specific preferences
 	const firefoxUserPrefs = {
 		"dom.webdriver.enabled": false,
@@ -573,7 +619,8 @@ async function firefoxLauncher({ profilePath, proxy, timezoneId, humanize_option
 	// ==================================================================
 	if (!isPersistent) {
 		try {
-			const fpConfig = getFingerprintConfig("firefox", screenOptions);
+			const spoofOptions = (spoof_fingerprint && typeof spoof_fingerprint === 'object') ? spoof_fingerprint : null;
+			const fpConfig = getFingerprintConfig("firefox", spoofOptions);
 			const fingerprintData = new FingerprintGenerator().getFingerprint(fpConfig);
 
 			const browser = await firefox.launch({
@@ -673,13 +720,13 @@ async function braveLauncher({ profilePath, proxy, CapSolver, timezoneId, humani
 		}
 	}
 
-	// Determine screen options from spoof_fingerprint if it's an object
-	const screenOptions = (effectiveSpoofFingerprint && typeof effectiveSpoofFingerprint === 'object') ? effectiveSpoofFingerprint : null;
+	// Determine spoof options from effectiveSpoofFingerprint if it's an object
+	const spoofOptions = (effectiveSpoofFingerprint && typeof effectiveSpoofFingerprint === 'object') ? effectiveSpoofFingerprint : null;
 
 	// Determine if we should use screen viewport or null
 	// - spoof_fingerprint = true (boolean) -> spoof with viewport: null
 	// - spoof_fingerprint = { minWidth, maxWidth, ... } (object) -> spoof with generated screen viewport
-	const useScreenViewport = screenOptions !== null;
+	const useScreenViewport = spoofOptions !== null;
 
 	let fingerprintData;
 	const fingerprintFilePath = path.join(activePath, "fingerprint.json");
@@ -687,8 +734,8 @@ async function braveLauncher({ profilePath, proxy, CapSolver, timezoneId, humani
 	if (fs.existsSync(fingerprintFilePath)) {
 		fingerprintData = JSON.parse(fs.readFileSync(fingerprintFilePath, "utf-8"));
 	} else {
-		// Generate fingerprint with screen options (null if spoof_fingerprint is just true)
-		const fpConfig = getFingerprintConfig("brave", screenOptions);
+		// Generate fingerprint with spoof options (null if spoof_fingerprint is just true)
+		const fpConfig = getFingerprintConfig("brave", spoofOptions);
 		fingerprintData = new FingerprintGenerator().getFingerprint(fpConfig);
 
 		if (isPersistent) {
@@ -937,7 +984,7 @@ async function multiloginLauncher({ proxy, multilogin_options = {}, humanize_opt
 		canvas_noise = true,
 		media_masking = true,
 		audio_masking = true,
-		custom_screen = false,
+		screen_masking = true,
 	} = multilogin_options;
 
 	if (profileId) {
@@ -949,6 +996,7 @@ async function multiloginLauncher({ proxy, multilogin_options = {}, humanize_opt
 			canvas_noise,
 			media_masking,
 			audio_masking,
+			screen_masking,
 			humanize_options,
 		});
 	}
@@ -1030,7 +1078,7 @@ async function launchExistingMultiloginProfile(profileId, humanize_options = nul
 	}
 }
 
-async function launchQuickMultiloginProfile({ os_type, proxy, canvas_noise, media_masking, audio_masking, humanize_options = null }) {
+async function launchQuickMultiloginProfile({ os_type, proxy, canvas_noise, media_masking, audio_masking, screen_masking, humanize_options = null }) {
 	const createUrl = `${MULTILOGIN_LAUNCHER_URL}/api/v3/profile/quick`;
 	let browser, context, page, profileId;
 
@@ -1043,7 +1091,7 @@ async function launchQuickMultiloginProfile({ os_type, proxy, canvas_noise, medi
 			flags: {
 				audio_masking: audio_masking ? "mask" : "natural",
 				media_devices_masking: media_masking ? "mask" : "natural",
-				screen_masking: "natural",
+				screen_masking: screen_masking ? "mask" : "natural",
 				canvas_noise: canvas_noise ? "mask" : "natural",
 				proxy_masking: proxy ? "custom" : "disabled",
 			},

package/src/utility/playwright/routes/pwRoute.d.ts

@@ -32,6 +32,12 @@ export interface PwRouteOptions {
 	/** Enable caching for requests */
 	useCache?: boolean;
 
+	/** Strip cookies/auth from outgoing requests and sanitize CORS/CSP/set-cookie from responses (default: true) */
+	stripGotHeaders?: boolean;
+
+	/** Log stripped headers to console for debugging (default: false) */
+	stripGotLogger?: boolean;
+
 	/**
 	 * Proxy for custom fetch requests (only used when useGot is true).
 	 * String: "http://host:port", "socks5://user:pass@host:port"

package/src/utility/playwright/routes/pwRoute.js

@@ -71,6 +71,48 @@ function createProxyAgent(proxyUrl) {
 	return new HttpsProxyAgent(proxyUrl);
 }
 
+/**
+ * Strips sensitive headers from outgoing request headers.
+ * Removes cookie and authorization to prevent session/IP correlation.
+ */
+function sanitizeRequestHeaders(headers, logger, url) {
+	const cleaned = { ...headers };
+	const stripped = [];
+	// Remove known auth headers
+	if (cleaned["cookie"]) { stripped.push("cookie"); delete cleaned["cookie"]; }
+	if (cleaned["authorization"]) { stripped.push("authorization"); delete cleaned["authorization"]; }
+	// Remove any header containing auth/token/csrf keywords
+	for (const key of Object.keys(cleaned)) {
+		const lower = key.toLowerCase();
+		if (lower.includes("token") || lower.includes("csrf") || lower.includes("auth")) {
+			stripped.push(key);
+			delete cleaned[key];
+		}
+	}
+	if (logger && stripped.length) console.log(`[stripGot] Request stripped: [${stripped.join(", ")}] → ${url}`);
+	return cleaned;
+}
+
+/**
+ * Sanitizes response headers for safe caching across origins.
+ * - Replaces access-control-allow-origin with * (if present)
+ * - Removes access-control-allow-credentials, set-cookie, CSP, HSTS
+ */
+function sanitizeResponseHeaders(headers, logger, url) {
+	const cleaned = { ...headers };
+	const changes = [];
+	if (cleaned["access-control-allow-origin"]) {
+		changes.push(`access-control-allow-origin: ${cleaned["access-control-allow-origin"]} → *`);
+		cleaned["access-control-allow-origin"] = "*";
+	}
+	if (cleaned["access-control-allow-credentials"]) { changes.push("access-control-allow-credentials"); delete cleaned["access-control-allow-credentials"]; }
+	if (cleaned["set-cookie"]) { changes.push("set-cookie"); delete cleaned["set-cookie"]; }
+	if (cleaned["content-security-policy"]) { changes.push("content-security-policy"); delete cleaned["content-security-policy"]; }
+	if (cleaned["strict-transport-security"]) { changes.push("strict-transport-security"); delete cleaned["strict-transport-security"]; }
+	if (logger && changes.length) console.log(`[stripGot] Response stripped: [${changes.join(", ")}] → ${url}`);
+	return cleaned;
+}
+
 /**
  * Function to fetch resources using Superagent library with optional caching.
  * This mimics the browser's request but handles it in Node.js to allow caching or header manipulation.
@@ -81,9 +123,11 @@ function createProxyAgent(proxyUrl) {
  * @param {boolean} useFullUrl - Whether to use the full URL as cache key or just origin+path
  * @param {string|false} logger - Log level: "info" (success+error), "error" (errors only), false (no logs)
  * @param {Object|null} proxyAgent - Proxy agent to use for the request
+ * @param {boolean} stripHeaders - Whether to sanitize request/response headers
+ * @param {boolean} stripLogger - Whether to log stripped headers
  * @returns {Promise<Object>} - The response object containing status, headers, and body
  */
-async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent) {
+async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent, stripHeaders, stripLogger) {
 	// Determine the cache key based on configuration
 	let mainUrl = new URL(url).origin + new URL(url).pathname;
 	if (useFullUrl) {
@@ -102,9 +146,12 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 	}
 
 	try {
+		// Sanitize outgoing request headers if stripHeaders is enabled
+		const finalHeaders = stripHeaders ? sanitizeRequestHeaders(requestHeaders, stripLogger, url) : requestHeaders;
+
 		// Fetch the resource using superagent
 		// buffer(true) ensures we get the raw binary data (essential for images/fonts)
-		let request = superagent(method, url).set(requestHeaders).buffer(true);
+		let request = superagent(method, url).set(finalHeaders).buffer(true);
 
 		// Apply proxy agent if provided
 		if (proxyAgent) {
@@ -116,11 +163,14 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 		// Determine the correct body type (Buffer for binary, text for others)
 		const responseBody = response.body instanceof Buffer ? response.body : response.text;
 
+		// Sanitize response headers if stripHeaders is enabled
+		const finalResponseHeaders = stripHeaders ? sanitizeResponseHeaders(response.headers, stripLogger, url) : response.headers;
+
 		// Save to cache only when caching is enabled
 		if (useCache) {
 			globalCache.set(mainUrl, {
 				status: response.status,
-				headers: response.headers,
+				headers: finalResponseHeaders,
 				body: responseBody,
 			});
 			if (logger === "info") console.log(`Success (cached${viaProxy}): ${mainUrl}`);
@@ -130,7 +180,7 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 
 		return {
 			status: response.status,
-			headers: response.headers,
+			headers: finalResponseHeaders,
 			body: responseBody,
 		};
 	} catch (error) {
@@ -165,6 +215,8 @@ export async function pwRoute({
 	useGot = false,
 	useFullUrl = true,
 	useCache = true,
+	stripGotHeaders = true,
+	stripGotLogger = false,
 	proxy = null,
 	m4w_send_on_post = null,
 	m4w_send_on_message = null,
@@ -357,7 +409,9 @@ export async function pwRoute({
 					requestMethod,
 					useFullUrl,
 					logger,
-					proxyAgent
+					proxyAgent,
+					stripGotHeaders,
+					stripGotLogger
 				);
 
 				if (response) {

package/src/utility/proxy-utility/proxy-chain.d.ts

@@ -60,6 +60,9 @@ export interface ProxyServerOptions {
 	 */
 	ip2LocationKey?: string;
 
+	/** Retry delay in milliseconds between IP lookup attempts (default: 1500) */
+	retryDelayMs?: number;
+
 	/** Enable verbose logging (default: false) */
 	debug?: boolean;
 	/** Track proxy usage statistics (default: true) */
@@ -129,3 +132,11 @@ export function startProxyServer(options: ProxyServerOptions): Promise<ProxyServ
  * @returns A promise resolving to GeoDetails (including timezoneId) or null if unreachable.
  */
 export function fetchPublicIP(proxyUrl: string | null): Promise<GeoDetails | null>;
+
+/**
+ * Fetches proxy details (IP, country, city, timezone) with retries.
+ * @param proxyUrl The proxy URL string. Pass `null` for local fallback.
+ * @param apiKey Optional IP2Location API key.
+ * @param retryDelayMs Delay between retries in ms (default: 1500).
+ */
+export function fetchProxyDetails(proxyUrl: string | null, apiKey?: string | null, retryDelayMs?: number): Promise<GeoDetails | null>;

package/src/utility/proxy-utility/proxy-chain.js

@@ -2,6 +2,7 @@ import ProxyChain from "proxy-chain";
 import net from "net";
 import https from "https";
 import http from "http";
+import { setTimeout as sleep } from "timers/promises";
 import { HttpsProxyAgent } from "https-proxy-agent";
 import { SocksProxyAgent } from "socks-proxy-agent";
 
@@ -100,7 +101,7 @@ export async function fetchPublicIP(proxyUrl) {
  * 1. If proxyUrl is provided -> Fetch Real Data (IP + Timezone).
  * 2. If proxyUrl is NULL/Undefined -> Return "Local" Mock immediately.
  */
-export async function fetchProxyDetails(proxyUrl, apiKey = null) {
+export async function fetchProxyDetails(proxyUrl, apiKey = null, retryDelayMs = 1500) {
 	// --- AUTOMATIC LOCAL FALLBACK ---
 	if (!proxyUrl) {
 		return {
@@ -111,56 +112,65 @@ export async function fetchProxyDetails(proxyUrl, apiKey = null) {
 		};
 	}
 
-	// --- EXTERNAL LOOKUP (Only if proxy exists) ---
-	const attempts = ["IP-API", "IP2Location"];
-
-	for (const provider of attempts) {
-		try {
-			const isSocks = proxyUrl.startsWith("socks");
-			const agent = isSocks ? new SocksProxyAgent(proxyUrl) : new HttpsProxyAgent(proxyUrl);
-
-			let apiUrl;
-
-			if (provider === "IP-API") {
-				apiUrl = "http://ip-api.com/json/?fields=status,message,country,city,timezone,query";
-			} else {
-				const baseUrl = "https://api.ip2location.io/";
-				const fields = "ip,country_name,city_name,time_zone,time_zone_olson";
-				apiUrl = apiKey
-					? `${baseUrl}?key=${apiKey}&format=json&fields=${fields}`
-					: `${baseUrl}?format=json&fields=${fields}`;
-			}
-
-			const jsonStr = await nativeGet(apiUrl, agent, 6000);
-			const data = JSON.parse(jsonStr);
-
-			if (provider === "IP-API") {
-				if (data.status === "success") {
-					return {
-						ip: data.query,
-						country: data.country,
-						city: data.city,
-						timezoneId: data.timezone || null,
-					};
+	// --- EXTERNAL LOOKUP with retry (10 attempts) ---
+	const providers = ["IP-API", "IP2Location"];
+	const MAX_RETRIES = 10;
+
+	for (let attempt = 1; attempt <= MAX_RETRIES; attempt++) {
+		for (const provider of providers) {
+			try {
+				const isSocks = proxyUrl.startsWith("socks");
+				const agent = isSocks ? new SocksProxyAgent(proxyUrl) : new HttpsProxyAgent(proxyUrl);
+
+				let apiUrl;
+
+				if (provider === "IP-API") {
+					apiUrl = "http://ip-api.com/json/?fields=status,message,country,city,timezone,query";
+				} else {
+					const baseUrl = "https://api.ip2location.io/";
+					const fields = "ip,country_name,city_name,time_zone,time_zone_olson";
+					apiUrl = apiKey
+						? `${baseUrl}?key=${apiKey}&format=json&fields=${fields}`
+						: `${baseUrl}?format=json&fields=${fields}`;
 				}
-			} else if (provider === "IP2Location") {
-				if (data && data.ip) {
-					const tz = data.time_zone_olson || null;
-					const isValidId = tz && !tz.startsWith("+") && !tz.startsWith("-");
-					return {
-						ip: data.ip,
-						country: data.country_name,
-						city: data.city_name,
-						timezoneId: isValidId ? tz : null,
-					};
+
+				const jsonStr = await nativeGet(apiUrl, agent, 6000);
+				const data = JSON.parse(jsonStr);
+
+				if (provider === "IP-API") {
+					if (data.status === "success") {
+						return {
+							ip: data.query,
+							country: data.country,
+							city: data.city,
+							timezoneId: data.timezone || null,
+						};
+					}
+				} else if (provider === "IP2Location") {
+					if (data && data.ip) {
+						const tz = data.time_zone_olson || null;
+						const isValidId = tz && !tz.startsWith("+") && !tz.startsWith("-");
+						return {
+							ip: data.ip,
+							country: data.country_name,
+							city: data.city_name,
+							timezoneId: isValidId ? tz : null,
+						};
+					}
 				}
+			} catch (err) {
+				// Silently fail to next provider
 			}
-		} catch (err) {
-			// Silently fail to next provider
+		}
+
+		// Both providers failed, wait 1s before retrying
+		if (attempt < MAX_RETRIES) {
+			console.warn(`░░ Proxy IP lookup failed (attempt ${attempt}/${MAX_RETRIES}), retrying in ${retryDelayMs}ms...`);
+			await sleep(retryDelayMs);
 		}
 	}
 
-	// If proxy was provided but failed to connect:
+	// All retries exhausted:
 	return null;
 }
 
@@ -176,6 +186,7 @@ export async function startProxyServer({
 	PROXY_2_HOSTS = [],
 	NO_PROXY_HOSTS = [],
 	ip2LocationKey = null,
+	retryDelayMs = 1500,
 	debug = false,
 	proxy_stats = true,
 	host_stats = true,
@@ -212,9 +223,9 @@ export async function startProxyServer({
 	// 4. Fetch Details (Simplified Logic)
 	// We pass the URL (or null). The function handles the "Local" logic.
 	const [defaultDetails, p1Details, p2Details] = await Promise.all([
-		fetchProxyDetails(upstreamProxies.default, ip2LocationKey),
-		fetchProxyDetails(upstreamProxies.p1, ip2LocationKey),
-		fetchProxyDetails(upstreamProxies.p2, ip2LocationKey),
+		fetchProxyDetails(upstreamProxies.default, ip2LocationKey, retryDelayMs),
+		fetchProxyDetails(upstreamProxies.p1, ip2LocationKey, retryDelayMs),
+		fetchProxyDetails(upstreamProxies.p2, ip2LocationKey, retryDelayMs),
 	]);
 
 	// Return null if any configured proxy is unreachable
@@ -224,10 +235,10 @@ export async function startProxyServer({
 
 	// 5. Stats
 	const stats = {
-		DEFAULT_PROXY: { request: 0, Tx: 0, Rx: 0 },
-		NO_PROXY: { request: 0, Tx: 0, Rx: 0 },
-		PROXY_1: { request: 0, Tx: 0, Rx: 0 },
-		PROXY_2: { request: 0, Tx: 0, Rx: 0 },
+		DEFAULT_PROXY: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
+		NO_PROXY: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
+		PROXY_1: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
+		PROXY_2: { request: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 },
 	};
 	// hostStatsMap is now categorized by proxy type
 	const hostStatsMap = {
@@ -240,9 +251,6 @@ export async function startProxyServer({
 	const connectionMap = {}; // Maps connectionId -> { type: "..." }
 	let serverRunning = false;
 
-	// Track all open sockets so we can force-destroy them on close
-	const activeSockets = new Set();
-
 	// 6. Server
 	const server = new ProxyChain.Server({
 		port: selectedPort,
@@ -293,7 +301,7 @@ export async function startProxyServer({
 				// Ensure the type exists in map (it should, but safety first)
 				if (!hostStatsMap[proxyType]) hostStatsMap[proxyType] = {};
 				if (!hostStatsMap[proxyType][hostname]) {
-					hostStatsMap[proxyType][hostname] = { req: 0, Tx: 0, Rx: 0 };
+					hostStatsMap[proxyType][hostname] = { req: 0, srcTx: 0, srcRx: 0, trgTx: 0, trgRx: 0 };
 				}
 				hostStatsMap[proxyType][hostname].req++;
 			}
@@ -312,17 +320,26 @@ export async function startProxyServer({
 
 	server.on("connectionClosed", ({ connectionId, stats: connStats }) => {
 		const connectionInfo = connectionMap[connectionId];
-		if (connectionInfo) {
+		if (connectionInfo && connStats) {
 			const { type, hostname } = connectionInfo;
+			const srcTx = connStats.srcTxBytes || 0;
+			const srcRx = connStats.srcRxBytes || 0;
+			const trgTx = connStats.trgTxBytes || 0;
+			const trgRx = connStats.trgRxBytes || 0;
+
 			if (proxy_stats && stats[type]) {
 				stats[type].request++;
-				stats[type].Tx += connStats.srcTxBytes;
-				stats[type].Rx += connStats.srcRxBytes;
+				stats[type].srcTx += srcTx;
+				stats[type].srcRx += srcRx;
+				stats[type].trgTx += trgTx;
+				stats[type].trgRx += trgRx;
 			}
-			// Update host stats with Tx/Rx on connection close
+			// Update host stats
 			if (host_stats && hostname && hostStatsMap[type] && hostStatsMap[type][hostname]) {
-				hostStatsMap[type][hostname].Tx += connStats.srcTxBytes;
-				hostStatsMap[type][hostname].Rx += connStats.srcRxBytes;
+				hostStatsMap[type][hostname].srcTx += srcTx;
+				hostStatsMap[type][hostname].srcRx += srcRx;
+				hostStatsMap[type][hostname].trgTx += trgTx;
+				hostStatsMap[type][hostname].trgRx += trgRx;
 			}
 		}
 		delete connectionMap[connectionId];
@@ -331,38 +348,27 @@ export async function startProxyServer({
 	try {
 		await server.listen();
 		serverRunning = true;
-
-		// Track sockets so closeServer() can destroy them all
-		server.server.on('connection', (socket) => {
-			activeSockets.add(socket);
-			socket.once('close', () => activeSockets.delete(socket));
-
-			// Intercept pipe to catch the upstream target sockets created by proxy-chain
-			const originalPipe = socket.pipe;
-			socket.pipe = function(destination, options) {
-				if (destination && typeof destination.destroy === 'function') {
-					activeSockets.add(destination);
-					destination.once('close', () => activeSockets.delete(destination));
-				}
-				return originalPipe.apply(this, arguments);
-			};
-		});
-
 		console.log(`░░ Local Proxy Started: http://127.0.0.1:${selectedPort}`);
 	} catch (err) {
 		console.error("░░ Failed to start proxy server:", err);
 		return null;
 	}
 
-	const formatBytes = (bytes) => (bytes / 1024 / 1024).toFixed(3);
+	const formatBytes = (bytes) => {
+		if (bytes < 1024) return bytes + " B";
+		if (bytes < 1024 * 1024) return (bytes / 1024).toFixed(2) + " KB";
+		return (bytes / (1024 * 1024)).toFixed(3) + " MB";
+	};
 
 	const getProxyStatsFormatted = () => {
 		const formatted = {};
 		for (const [key, val] of Object.entries(stats)) {
 			formatted[key] = {
 				req: val.request,
-				Tx: formatBytes(val.Tx) + " MB",
-				Rx: formatBytes(val.Rx) + " MB",
+				srcTx: formatBytes(val.srcTx),
+				srcRx: formatBytes(val.srcRx),
+				trgTx: formatBytes(val.trgTx),
+				trgRx: formatBytes(val.trgRx),
 			};
 		}
 		return formatted;
@@ -370,20 +376,20 @@ export async function startProxyServer({
 
 	const getHostStatsFormatted = () => {
 		const result = {};
-		// Iterate over each proxy category
 		for (const [type, hosts] of Object.entries(hostStatsMap)) {
 			const sortedHosts = Object.entries(hosts)
-				.sort((a, b) => b[1].req - a[1].req) // Sort by request count descending
+				.sort((a, b) => b[1].req - a[1].req)
 				.reduce((acc, [host, hostData]) => {
 					acc[host] = {
 						req: hostData.req,
-						Tx: formatBytes(hostData.Tx) + " MB",
-						Rx: formatBytes(hostData.Rx) + " MB",
+						srcTx: formatBytes(hostData.srcTx),
+						srcRx: formatBytes(hostData.srcRx),
+						trgTx: formatBytes(hostData.trgTx),
+						trgRx: formatBytes(hostData.trgRx),
 					};
 					return acc;
 				}, {});
 
-			// Only include categories that have traffic
 			if (Object.keys(sortedHosts).length > 0) {
 				result[type] = sortedHosts;
 			}
@@ -415,16 +421,11 @@ export async function startProxyServer({
 		isServerRunning: () => serverRunning,
 
 		closeServer: async () => {
+			// Close the server — triggers connectionClosed events which accumulate byte stats
 			await server.close(true);
 			serverRunning = false;
 
-			// Force-destroy any lingering sockets so Node can exit
-			for (const socket of activeSockets) {
-				socket.destroy();
-			}
-			activeSockets.clear();
-
-			// Auto console.log stats on close
+			// Log stats AFTER close so all connectionClosed events have fired
 			if (proxy_stats) {
 				console.log("░░ Proxy Stats:", getProxyStatsFormatted());
 			}

package/src/utility/puppeteer/ppLaunch.d.ts

@@ -33,6 +33,14 @@ export interface PpMultiloginOptions {
 	 * Default: true
 	 */
 	audio_masking?: boolean;
+
+	/**
+	 * Multilogin flag: Screen resolution masking.
+	 * true = randomize screen resolution ("mask")
+	 * false = use real screen resolution ("natural")
+	 * Default: true
+	 */
+	screen_masking?: boolean;
 }
 
 /**
@@ -116,15 +124,47 @@ export interface PpLaunchOptions {
 	 * Configuration for browser fingerprint spoofing (per-page via fingerprint-injector).
 	 *
 	 * - `false`: No fingerprint spoofing (default)
-	 * - `true`: Spoof fingerprint with default screen dimensions
-	 * - `{ minWidth?, maxWidth?, minHeight?, maxHeight? }`: Spoof fingerprint with screen constraints
+	 * - `true`: Spoof fingerprint with default OS (detected) and auto device
+	 * - `object`: Spoof fingerprint with optional overrides
+	 *
+	 * Device type is auto-determined from OS:
+	 * - `"windows"`, `"macos"`, `"linux"` → desktop
+	 * - `"android"`, `"ios"` → mobile
+	 *
+	 * @example
+	 * // Spoof with defaults
+	 * spoof_fingerprint: true
+	 *
+	 * @example
+	 * // Spoof as Windows
+	 * spoof_fingerprint: { os_type: "windows" }
+	 *
+	 * @example
+	 * // Random OS per launch (desktop + mobile mixed)
+	 * spoof_fingerprint: { os_type: ["windows", "android"] }
 	 *
 	 * Default: false
 	 */
 	spoof_fingerprint?: boolean | {
+		/**
+		 * Override the OS for fingerprint generation.
+		 * Can be a single value or array (random pick per launch).
+		 * Device type is auto-determined: windows/macos/linux → desktop, android/ios → mobile
+		 * Default: detected OS of the machine
+		 */
+		os_type?: ("windows" | "macos" | "linux" | "android" | "ios") | ("windows" | "macos" | "linux" | "android" | "ios")[];
+		/**
+		 * Minimum Chrome version for fingerprint generation.
+		 * Default: 141
+		 */
+		minBrowserVersion?: number;
+		/** Minimum screen width constraint */
 		minWidth?: number;
+		/** Maximum screen width constraint */
 		maxWidth?: number;
+		/** Minimum screen height constraint */
 		minHeight?: number;
+		/** Maximum screen height constraint */
 		maxHeight?: number;
 	};
 

package/src/utility/puppeteer/ppLaunch.js

@@ -41,26 +41,73 @@ let _cleanupLogs = false;
 // Detect OS for fingerprint generation
 const detectedOs = process.platform === "win32" ? "windows" : process.platform === "darwin" ? "macos" : "linux";
 
+// Default minimum browser version for fingerprint generation
+const DEFAULT_MIN_CHROME_VERSION = 141;
+
+/**
+ * Maps OS to its device type.
+ */
+const OS_TO_DEVICE = {
+	windows: "desktop",
+	macos: "desktop",
+	linux: "desktop",
+	android: "mobile",
+	ios: "mobile",
+};
+
 /**
  * Helper to generate consistent fingerprint options for Puppeteer.
- * @param {object|null} screenOptions - Optional screen constraints { minWidth, maxWidth, minHeight, maxHeight }
+ * @param {object|null} spoofOptions - Options from spoof_fingerprint (null if boolean true)
+ *   Supported properties:
+ *   - os_type: string | string[]  — e.g. "windows" or ["windows", "macos"]. Default: detectedOs
+ *   - minBrowserVersion: number — minimum Chrome version for fingerprint. Default: 141
+ *   - minWidth, maxWidth, minHeight, maxHeight: screen constraints
  */
-function getFingerprintConfig(screenOptions = null) {
+function getFingerprintConfig(spoofOptions = null) {
+	let selectedOs = detectedOs;
+	let selectedDevice = OS_TO_DEVICE[detectedOs] || "desktop";
+
+	if (spoofOptions && typeof spoofOptions === 'object' && spoofOptions.os_type) {
+		const osList = Array.isArray(spoofOptions.os_type) ? spoofOptions.os_type : [spoofOptions.os_type];
+
+		if (osList.length === 0) {
+			throw new Error(`░░░░░ [Fingerprint] os_type array is empty.`);
+		}
+
+		// Validate all values
+		for (const os of osList) {
+			if (!OS_TO_DEVICE[os]) {
+				throw new Error(
+					`░░░░░ [Fingerprint] Unknown os_type: "${os}".\n` +
+					`   Supported: "windows", "macos", "linux" (desktop), "android", "ios" (mobile)`
+				);
+			}
+		}
+
+		// Random pick one
+		selectedOs = osList[Math.floor(Math.random() * osList.length)];
+		selectedDevice = OS_TO_DEVICE[selectedOs];
+	}
+
+	const minVersion = (spoofOptions && typeof spoofOptions === 'object' && spoofOptions.minBrowserVersion) || DEFAULT_MIN_CHROME_VERSION;
+
 	const config = {
-		devices: ["desktop"],
-		operatingSystems: [detectedOs],
+		devices: [selectedDevice],
+		operatingSystems: [selectedOs],
 		locales: ["en-US"],
-		browsers: [{ name: "chrome", minVersion: 141 }],
+		browsers: [{ name: "chrome", minVersion }],
 		screen: {},
 	};
 
-	if (screenOptions && typeof screenOptions === 'object') {
-		if (screenOptions.minWidth) config.screen.minWidth = screenOptions.minWidth;
-		if (screenOptions.maxWidth) config.screen.maxWidth = screenOptions.maxWidth;
-		if (screenOptions.minHeight) config.screen.minHeight = screenOptions.minHeight;
-		if (screenOptions.maxHeight) config.screen.maxHeight = screenOptions.maxHeight;
+	if (spoofOptions && typeof spoofOptions === 'object') {
+		if (spoofOptions.minWidth) config.screen.minWidth = spoofOptions.minWidth;
+		if (spoofOptions.maxWidth) config.screen.maxWidth = spoofOptions.maxWidth;
+		if (spoofOptions.minHeight) config.screen.minHeight = spoofOptions.minHeight;
+		if (spoofOptions.maxHeight) config.screen.maxHeight = spoofOptions.maxHeight;
 	}
 
+	if (_launchLogs) console.log(`░░░░░ Fingerprint config: OS=${selectedOs}, Device=${selectedDevice}`);
+
 	return config;
 }
 
@@ -230,8 +277,11 @@ export async function ppLaunch({
 
 	// Spoof Fingerprint
 	// - false: No spoofing
-	// - true: Spoof with default screen
-	// - { minWidth?, maxWidth?, minHeight?, maxHeight? }: Spoof with screen constraints
+	// - true: Spoof with defaults (detectedOs, auto device)
+	// - object: Spoof with overrides:
+	//     os_type?: string | string[] (e.g. "windows" or ["windows", "macos"]) — random pick if multiple
+	//     minBrowserVersion?: number — minimum Chrome version (default: 141)
+	//     minWidth?, maxWidth?, minHeight?, maxHeight?: screen constraints
 	spoof_fingerprint = false,
 
 	// Multilogin
@@ -542,8 +592,8 @@ async function spawnAndConnect({ binaryPath, profilePath, isPersistent, proxy, e
 				if (_launchLogs) console.log(`░░░░░ Loaded saved fingerprint for ${browserLabel}`);
 			} else {
 				// Generate new fingerprint
-				const screenOptions = (typeof spoof_fingerprint === 'object') ? spoof_fingerprint : null;
-				const fpConfig = getFingerprintConfig(screenOptions);
+				const spoofOptions = (typeof spoof_fingerprint === 'object') ? spoof_fingerprint : null;
+				const fpConfig = getFingerprintConfig(spoofOptions);
 				fingerprintData = new FingerprintGenerator().getFingerprint(fpConfig);
 
 				// Save for persistent profiles
@@ -593,6 +643,7 @@ async function multiloginLauncher({ proxy, multilogin_options = {} }) {
 		canvas_noise = true,
 		media_masking = true,
 		audio_masking = true,
+		screen_masking = true,
 	} = multilogin_options;
 
 	if (profileId) {
@@ -604,6 +655,7 @@ async function multiloginLauncher({ proxy, multilogin_options = {} }) {
 			canvas_noise,
 			media_masking,
 			audio_masking,
+			screen_masking,
 		});
 	}
 }
@@ -683,7 +735,7 @@ async function launchExistingMultiloginProfile(profileId) {
 	}
 }
 
-async function launchQuickMultiloginProfile({ os_type, proxy, canvas_noise, media_masking, audio_masking }) {
+async function launchQuickMultiloginProfile({ os_type, proxy, canvas_noise, media_masking, audio_masking, screen_masking }) {
 	const createUrl = `${MULTILOGIN_LAUNCHER_URL}/api/v3/profile/quick`;
 	let browser, profileId;
 
@@ -696,7 +748,7 @@ async function launchQuickMultiloginProfile({ os_type, proxy, canvas_noise, medi
 			flags: {
 				audio_masking: audio_masking ? "mask" : "natural",
 				media_devices_masking: media_masking ? "mask" : "natural",
-				screen_masking: "natural",
+				screen_masking: screen_masking ? "mask" : "natural",
 				canvas_noise: canvas_noise ? "mask" : "natural",
 				proxy_masking: proxy ? "custom" : "disabled",
 			},

package/src/utility/puppeteer/routes/ppRoute.d.ts

@@ -29,6 +29,12 @@ export interface PpRouteOptions {
 	/** Enable caching for requests */
 	useCache?: boolean;
 
+	/** Strip cookies/auth from outgoing requests and sanitize CORS/CSP/set-cookie from responses (default: true) */
+	stripGotHeaders?: boolean;
+
+	/** Log stripped headers to console for debugging (default: false) */
+	stripGotLogger?: boolean;
+
 	/**
 	 * Proxy for custom fetch requests (only used when useGot is true).
 	 * String: "http://host:port", "socks5://user:pass@host:port"

package/src/utility/puppeteer/routes/ppRoute.js

@@ -71,6 +71,48 @@ function createProxyAgent(proxyUrl) {
 	return new HttpsProxyAgent(proxyUrl);
 }
 
+/**
+ * Strips sensitive headers from outgoing request headers.
+ * Removes cookie and authorization to prevent session/IP correlation.
+ */
+function sanitizeRequestHeaders(headers, logger, url) {
+	const cleaned = { ...headers };
+	const stripped = [];
+	// Remove known auth headers
+	if (cleaned["cookie"]) { stripped.push("cookie"); delete cleaned["cookie"]; }
+	if (cleaned["authorization"]) { stripped.push("authorization"); delete cleaned["authorization"]; }
+	// Remove any header containing auth/token/csrf keywords
+	for (const key of Object.keys(cleaned)) {
+		const lower = key.toLowerCase();
+		if (lower.includes("token") || lower.includes("csrf") || lower.includes("auth")) {
+			stripped.push(key);
+			delete cleaned[key];
+		}
+	}
+	if (logger && stripped.length) console.log(`[stripGot] Request stripped: [${stripped.join(", ")}] → ${url}`);
+	return cleaned;
+}
+
+/**
+ * Sanitizes response headers for safe caching across origins.
+ * - Replaces access-control-allow-origin with * (if present)
+ * - Removes access-control-allow-credentials, set-cookie, CSP, HSTS
+ */
+function sanitizeResponseHeaders(headers, logger, url) {
+	const cleaned = { ...headers };
+	const changes = [];
+	if (cleaned["access-control-allow-origin"]) {
+		changes.push(`access-control-allow-origin: ${cleaned["access-control-allow-origin"]} → *`);
+		cleaned["access-control-allow-origin"] = "*";
+	}
+	if (cleaned["access-control-allow-credentials"]) { changes.push("access-control-allow-credentials"); delete cleaned["access-control-allow-credentials"]; }
+	if (cleaned["set-cookie"]) { changes.push("set-cookie"); delete cleaned["set-cookie"]; }
+	if (cleaned["content-security-policy"]) { changes.push("content-security-policy"); delete cleaned["content-security-policy"]; }
+	if (cleaned["strict-transport-security"]) { changes.push("strict-transport-security"); delete cleaned["strict-transport-security"]; }
+	if (logger && changes.length) console.log(`[stripGot] Response stripped: [${changes.join(", ")}] → ${url}`);
+	return cleaned;
+}
+
 /**
  * Function to fetch resources using Superagent library with optional caching.
  * This mimics the browser's request but handles it in Node.js to allow caching or header manipulation.
@@ -81,9 +123,11 @@ function createProxyAgent(proxyUrl) {
  * @param {boolean} useFullUrl - Whether to use the full URL as cache key or just origin+path
  * @param {string|false} logger - Log level: "info" (success+error), "error" (errors only), false (no logs)
  * @param {Object|null} proxyAgent - Proxy agent to use for the request
+ * @param {boolean} stripHeaders - Whether to sanitize request/response headers
+ * @param {boolean} stripLogger - Whether to log stripped headers
  * @returns {Promise<Object>} - The response object containing status, headers, and body
  */
-async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent) {
+async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl, logger, proxyAgent, stripHeaders, stripLogger) {
 	// Determine the cache key based on configuration
 	let mainUrl = new URL(url).origin + new URL(url).pathname;
 	if (useFullUrl) {
@@ -102,9 +146,12 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 	}
 
 	try {
+		// Sanitize outgoing request headers if stripHeaders is enabled
+		const finalHeaders = stripHeaders ? sanitizeRequestHeaders(requestHeaders, stripLogger, url) : requestHeaders;
+
 		// Fetch the resource using superagent
 		// buffer(true) ensures we get the raw binary data (essential for images/fonts)
-		let request = superagent(method, url).set(requestHeaders).buffer(true);
+		let request = superagent(method, url).set(finalHeaders).buffer(true);
 
 		// Apply proxy agent if provided
 		if (proxyAgent) {
@@ -116,11 +163,14 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 		// Determine the correct body type (Buffer for binary, text for others)
 		const responseBody = response.body instanceof Buffer ? response.body : response.text;
 
+		// Sanitize response headers if stripHeaders is enabled
+		const finalResponseHeaders = stripHeaders ? sanitizeResponseHeaders(response.headers, stripLogger, url) : response.headers;
+
 		// Save to cache only when caching is enabled
 		if (useCache) {
 			globalCache.set(mainUrl, {
 				status: response.status,
-				headers: response.headers,
+				headers: finalResponseHeaders,
 				body: responseBody,
 			});
 			if (logger === "info") console.log(`Success (cached${viaProxy}): ${mainUrl}`);
@@ -130,7 +180,7 @@ async function fetchWithClient(useCache, url, requestHeaders, method, useFullUrl
 
 		return {
 			status: response.status,
-			headers: response.headers,
+			headers: finalResponseHeaders,
 			body: responseBody,
 		};
 	} catch (error) {
@@ -163,6 +213,8 @@ export async function ppRoute({
 	useGot = false,
 	useFullUrl = true,
 	useCache = true,
+	stripGotHeaders = true,
+	stripGotLogger = false,
 	proxy = null,
 	m4w_send_on_post = null,
 	m4w_send_on_message = null,
@@ -360,7 +412,9 @@ export async function ppRoute({
 					requestMethod,
 					useFullUrl,
 					logger,
-					proxyAgent
+					proxyAgent,
+					stripGotHeaders,
+					stripGotLogger
 				);
 
 				if (response) {