Fortress

Fortress

Stealth Chromium fork and MCP server so automation and AI agents don't get blocked

Open Source
3.3 (7 reviews)

Gallery

About Fortress

Fortress is an open-source Chromium fork built to keep automated browsers from being detected. Rather than patching behavior in JavaScript, the way most stealth tools do, it corrects the browser fingerprint inside Chromium's own C++ so the browser presents as an ordinary Chrome install. It's the flagship project from Tilion, a team whose stated aim is to give AI agents and automation the same access to the open web that a normal person's browser has. The team frames the mission around a simple principle, that every agent works for a person, so whatever a site keeps from an agent it also keeps from the person behind it.

Modern anti-bot systems don't just check a user agent string. They probe dozens of subtle signals, the driver artifacts left by automation frameworks, side-effects of the DevTools protocol, and quirks in how the browser answers fingerprinting questions. A headless browser wired up with the usual JavaScript patches tends to give itself away, because those patches can be spotted by inspecting a function and seeing that it's no longer native code. The result is blocked requests, endless CAPTCHAs, and scrapers that work for a week and then quietly stop. Those signals span three broad layers, the driver artifacts an automation framework leaves behind, the side-effects of speaking the DevTools protocol, and the fingerprint surfaces a page can read directly. Miss any one of them and a modern defense can still spot the difference.

Fortress attacks the problem at the engine level. It ships as a set of single-purpose C++ patches, each fixing one detection vector, so that native getters return native code across every JavaScript context including the main frame, iframes, and workers. Because the correction lives in the binary rather than in a script the page can read, the browser looks ordinary from the inside out. The team keeps the fork rebased on current Chromium on a regular cycle, which matters because a stale browser version is itself a tell. There are 34 of these single-purpose patches in the current tree, and because each targets one vector, the set can be read, audited, extended, or trimmed rather than trusted as an opaque bundle.

Driving it feels familiar. Fortress exposes a raw CDP endpoint on a standard port, so an existing Playwright or Puppeteer script can connect over CDP with no code changes. It's distributed as a pip package, an npm package, and a Docker image, and it offers tunable personas through command-line flags so an operator can present a coherent identity rather than a random mix of signals. Two Chromium bases are available, a stable line meant to blend in with the majority of real users and a newer line for testing. In practice a script connects over CDP to that endpoint and drives the browser exactly as it would a normal one, so moving an existing automation project across is mostly a matter of pointing it at Fortress.

Alongside the browser, Fortress ships an MCP server aimed squarely at AI agents. It exposes a set of tools that an assistant such as Claude or Cursor can call to fetch pages, extract content, and crawl, all through the stealth engine. That turns the project into more than a scraping tool, it becomes a way to give an agent dependable eyes on the web without every other request tripping a block. This is the piece that ties the open web access mission back to day-to-day agent work. The MCP server exposes on the order of two dozen or more tools an assistant can call, which is enough for it to browse, read, extract, and gather from sites that would otherwise turn a bare agent away.

It's built for developers who write scrapers and automation, for teams that want to test their own bot defenses against a realistic browser, and for anyone building agents that keep hitting walls with ordinary headless setups. What sets it apart is where the work happens. Most stealth libraries live in JavaScript and therefore carry their own fingerprint, while Fortress moves the fix into the engine and publishes the patches so you can read exactly what it changes. It also reports passing common detector suites and live Cloudflare challenges. The project points to results against well-known fingerprinting tests and to real retail and travel sites as evidence, and it rebases on current Chromium on a monthly cycle to keep pace.

The engine and its patches are open source under a BSD-3-Clause license, so you can run it, audit it, and rebuild it yourself at no cost, with Chromium keeping its own upstream license. For teams that would rather not manage browser builds, Tilion is preparing a hosted service called Tilion Cloud, which is currently gated behind a waitlist. The team can be reached at team@tilion.dev.

Key Features

  • Fingerprint fixes at the C++ engine level
  • Raw CDP endpoint on port 9222
  • Playwright and Puppeteer compatibility
  • Tunable browser personas via flags
  • Fortress MCP with agent browsing tools
  • Docker, pip, and npm distribution

Pros & Cons

What we like

  • Corrects fingerprints in native code, not detectable JS
  • Drops into existing Playwright or Puppeteer setups
  • Open-source patches you can audit and rebuild
  • Ships an MCP server for AI agent browsing

Room for improvement

  • Requires technical setup and automation knowledge
  • Bot detection is an ongoing cat-and-mouse arms race
  • Hosted Tilion Cloud is still a waitlist
  • Narrow focus on stealth browsing and scraping

Frequently Asked Questions

What is Fortress?
Fortress is an open-source Chromium fork that corrects the fingerprints anti-bot systems look for, doing it inside the browser's C++ engine so the browser presents as an ordinary Chrome install. It exposes a standard CDP endpoint that Playwright and Puppeteer can drive without code changes.
Is Fortress free?
The Fortress engine and its patches are open source under a BSD-3-Clause license, so you can run and rebuild it yourself. Tilion, the team behind it, is also planning a hosted option called Tilion Cloud, which is currently a waitlist.
How does it avoid detection?
Instead of patching browser behavior in JavaScript, which reveals itself under inspection, Fortress fixes the fingerprint in native C++ so getters return native code across every JavaScript context. It ships as a set of single-purpose patches and reports passing common detector suites and live Cloudflare challenges.
Who is Fortress for?
Developers building scrapers, automation, and AI agents that need to reach sites which block ordinary headless browsers. It also suits teams testing their own anti-bot defenses against a realistic browser.

Best For

Automating sites that block ordinary headless browsersGiving an AI agent reliable web accessTesting anti-bot defenses against a realistic browserRunning resilient scrapers behind Cloudflare challenges

Featured in

Alternatives to Fortress

View all

Reviews (7)

D
Diego Reyes

Solid but not perfect

Started using Fortress casually, now it is pinned in my dock. Got real value out of docker, pip, and npm distribution. Found it works best for running resilient scrapers behind cloudflare challenges. My only gripe is narrow focus on stealth browsing and scraping. Recommending it to people in a similar spot.

5/9/2026 12 found this helpful
L
Louis Mueller Verified

Worth a look

Have been running Fortress for a while, here is where I land. The interface stays out of my way, which I appreciate. It fits well for running resilient scrapers behind cloudflare challenges.

4/30/2026 11 found this helpful
N
Nikolai Kang Verified

It just works

Three months of Fortress later, here is what holds up. What stands out is how it handles playwright and puppeteer compatibility. It slotted into my routine without much fuss. Recommending it to people in a similar spot.

4/13/2026 10 found this helpful
Y
Yifan Leroy Verified

Does the job, a few gripes

Came to Fortress after getting frustrated with what I had before. The defaults are sensible, so I was not fighting settings on day one. It would be a five if not for hosted tilion cloud is still a waitlist. Worth it for what I get out of it.

3/20/2026 10 found this helpful
Z
Zhi Oliveira Verified

Solid but not perfect

Fortress solves a real problem for me without making a fuss about it. The raw cdp endpoint on port 9222 is more useful than I expected. Performance has been steady even when I lean on it hard. One thing that bugs me is bot detection is an ongoing cat-and-mouse arms race. Worth it for what I get out of it.

3/23/2026 2 found this helpful
A
Aditya Lindqvist Verified

Good, with a few caveats

Hadn't planned on switching, but Fortress was hard to ignore. The docker, pip, and npm distribution is more useful than I expected. The defaults are sensible, so I was not fighting settings on day one. The catch is narrow focus on stealth browsing and scraping. Easy yes for anyone weighing the same trade offs.

6/23/2026 1 found this helpful
L
Leon Iyer Verified

Solid but not perfect

Have been running Fortress for a while, here is where I land. What stands out is how it handles docker, pip, and npm distribution. Found it works best for running resilient scrapers behind cloudflare challenges. It would be a five if not for narrow focus on stealth browsing and scraping. No regrets so far.

4/27/2026