Fortress
Stealth Chromium fork and MCP server so automation and AI agents don't get blocked
Gallery
About Fortress
Fortress is an open-source Chromium fork built to keep automated browsers from being detected. Rather than patching behavior in JavaScript, the way most stealth tools do, it corrects the browser fingerprint inside Chromium's own C++ so the browser presents as an ordinary Chrome install. It's the flagship project from Tilion, a team whose stated aim is to give AI agents and automation the same access to the open web that a normal person's browser has. The team frames the mission around a simple principle, that every agent works for a person, so whatever a site keeps from an agent it also keeps from the person behind it.
Modern anti-bot systems don't just check a user agent string. They probe dozens of subtle signals, the driver artifacts left by automation frameworks, side-effects of the DevTools protocol, and quirks in how the browser answers fingerprinting questions. A headless browser wired up with the usual JavaScript patches tends to give itself away, because those patches can be spotted by inspecting a function and seeing that it's no longer native code. The result is blocked requests, endless CAPTCHAs, and scrapers that work for a week and then quietly stop. Those signals span three broad layers, the driver artifacts an automation framework leaves behind, the side-effects of speaking the DevTools protocol, and the fingerprint surfaces a page can read directly. Miss any one of them and a modern defense can still spot the difference.
Fortress attacks the problem at the engine level. It ships as a set of single-purpose C++ patches, each fixing one detection vector, so that native getters return native code across every JavaScript context including the main frame, iframes, and workers. Because the correction lives in the binary rather than in a script the page can read, the browser looks ordinary from the inside out. The team keeps the fork rebased on current Chromium on a regular cycle, which matters because a stale browser version is itself a tell. There are 34 of these single-purpose patches in the current tree, and because each targets one vector, the set can be read, audited, extended, or trimmed rather than trusted as an opaque bundle.
Driving it feels familiar. Fortress exposes a raw CDP endpoint on a standard port, so an existing Playwright or Puppeteer script can connect over CDP with no code changes. It's distributed as a pip package, an npm package, and a Docker image, and it offers tunable personas through command-line flags so an operator can present a coherent identity rather than a random mix of signals. Two Chromium bases are available, a stable line meant to blend in with the majority of real users and a newer line for testing. In practice a script connects over CDP to that endpoint and drives the browser exactly as it would a normal one, so moving an existing automation project across is mostly a matter of pointing it at Fortress.
Alongside the browser, Fortress ships an MCP server aimed squarely at AI agents. It exposes a set of tools that an assistant such as Claude or Cursor can call to fetch pages, extract content, and crawl, all through the stealth engine. That turns the project into more than a scraping tool, it becomes a way to give an agent dependable eyes on the web without every other request tripping a block. This is the piece that ties the open web access mission back to day-to-day agent work. The MCP server exposes on the order of two dozen or more tools an assistant can call, which is enough for it to browse, read, extract, and gather from sites that would otherwise turn a bare agent away.
It's built for developers who write scrapers and automation, for teams that want to test their own bot defenses against a realistic browser, and for anyone building agents that keep hitting walls with ordinary headless setups. What sets it apart is where the work happens. Most stealth libraries live in JavaScript and therefore carry their own fingerprint, while Fortress moves the fix into the engine and publishes the patches so you can read exactly what it changes. It also reports passing common detector suites and live Cloudflare challenges. The project points to results against well-known fingerprinting tests and to real retail and travel sites as evidence, and it rebases on current Chromium on a monthly cycle to keep pace.
The engine and its patches are open source under a BSD-3-Clause license, so you can run it, audit it, and rebuild it yourself at no cost, with Chromium keeping its own upstream license. For teams that would rather not manage browser builds, Tilion is preparing a hosted service called Tilion Cloud, which is currently gated behind a waitlist. The team can be reached at team@tilion.dev.
Key Features
- Fingerprint fixes at the C++ engine level
- Raw CDP endpoint on port 9222
- Playwright and Puppeteer compatibility
- Tunable browser personas via flags
- Fortress MCP with agent browsing tools
- Docker, pip, and npm distribution
Pros & Cons
What we like
- Corrects fingerprints in native code, not detectable JS
- Drops into existing Playwright or Puppeteer setups
- Open-source patches you can audit and rebuild
- Ships an MCP server for AI agent browsing
Room for improvement
- Requires technical setup and automation knowledge
- Bot detection is an ongoing cat-and-mouse arms race
- Hosted Tilion Cloud is still a waitlist
- Narrow focus on stealth browsing and scraping
Frequently Asked Questions
What is Fortress?
Is Fortress free?
How does it avoid detection?
Who is Fortress for?
Best For
Featured in
Alternatives to Fortress
View all1Lookup
Real-time data verification API for phone, email, IP, and domain validation to fight fraud

Codedex
A gamified, story-driven platform that teaches Python, web dev, and more like an RPG quest
Hack2hire
Practice real SDE interview questions from top tech companies with expert worked solutions
Cloudflare Pages
Free Jamstack hosting on Cloudflares edge with unlimited bandwidth and tight integration with Workers.
Reviews (7)
Solid but not perfect
Started using Fortress casually, now it is pinned in my dock. Got real value out of docker, pip, and npm distribution. Found it works best for running resilient scrapers behind cloudflare challenges. My only gripe is narrow focus on stealth browsing and scraping. Recommending it to people in a similar spot.
Worth a look
Have been running Fortress for a while, here is where I land. The interface stays out of my way, which I appreciate. It fits well for running resilient scrapers behind cloudflare challenges.
It just works
Three months of Fortress later, here is what holds up. What stands out is how it handles playwright and puppeteer compatibility. It slotted into my routine without much fuss. Recommending it to people in a similar spot.
Does the job, a few gripes
Came to Fortress after getting frustrated with what I had before. The defaults are sensible, so I was not fighting settings on day one. It would be a five if not for hosted tilion cloud is still a waitlist. Worth it for what I get out of it.
Solid but not perfect
Fortress solves a real problem for me without making a fuss about it. The raw cdp endpoint on port 9222 is more useful than I expected. Performance has been steady even when I lean on it hard. One thing that bugs me is bot detection is an ongoing cat-and-mouse arms race. Worth it for what I get out of it.
Good, with a few caveats
Hadn't planned on switching, but Fortress was hard to ignore. The docker, pip, and npm distribution is more useful than I expected. The defaults are sensible, so I was not fighting settings on day one. The catch is narrow focus on stealth browsing and scraping. Easy yes for anyone weighing the same trade offs.
Solid but not perfect
Have been running Fortress for a while, here is where I land. What stands out is how it handles docker, pip, and npm distribution. Found it works best for running resilient scrapers behind cloudflare challenges. It would be a five if not for narrow focus on stealth browsing and scraping. No regrets so far.
