JA4 TLS Fingerprint
Your client's TLS ClientHello fingerprint, as seen by this server.
Your JA4 fingerprint
t13d1011h2_61a7ad8aa9b6_3fcd1a44f3e3
JA4 string: t13d1011h2_61a7ad8aa9b6_3fcd1a44f3e3
JA4_r (raw, unhashed): t13d1011h2_00ff,1301,1302,1303,c02b,c02c,c02f,c030,cca8,cca9_0005,000a,000b,000d,0017,0023,002b,002d,0033_0503,0403,0807,0806,0805,0804,0601,0501,0401
How each part is computed
JA4_a — the human-readable part
Built by concatenating 6 fields directly from the ClientHello. No hashing — you can read it.
1 · Protocol
t — TCP (TLS).
t = TLS over TCP, q = QUIC, d = DTLS.2 · TLS version
13 — TLS 1.3. Highest version from
supported_versions (ignoring GREASE), or the legacy version field if the extension is absent. Possible values: 13, 12, 11, 10, s3, s2, 00.3 · SNI
d — domain (SNI extension present).
d = SNI extension present (domain), i = no SNI (IP).4 · Cipher suite count
10 — cipher suites, zero-padded to 2 digits and capped at 99. Only GREASE values are excluded; SCSV (
0x00FF, 0x5600) and reserved/experimental values (0xFE00–0xFEFF) are counted.5 · Extension count
11 — extensions, zero-padded to 2 digits and capped at 99. Only GREASE values are excluded — SNI (
0x0000) and ALPN (0x0010) are counted here, even though they are removed from the JA4_c hash below.6 · ALPN
h2 — first and last alphanumeric characters of the first ALPN value ('h2'); if the first or last byte is non-alphanumeric, the first and last characters of the ALPN's hex encoding are used instead.
00 means no ALPN extension; otherwise it's the first and last alphanumeric characters of the first ALPN value (e.g. h2 for HTTP/2). If the first or last byte of the first ALPN is non-alphanumeric, the first and last characters of the ALPN's hex encoding are used instead.Result
Concatenate them in order: t13d1011h2 = t13d1011h2
JA4_b — cipher suites hash
1 · Collect
Take all cipher suites from the ClientHello and remove GREASE values.
2 · Sort & format
Sort ascending, format as comma-separated 4-char lowercase hex:
0x1301,0x1302,…3 · Hash
SHA-256 the string and take the first 12 hex characters. SHA-256("0x00ff,0x1301,0x1302,0x1303,0xc02b,0xc02c,0xc02f,0xc030,0xcca8,0xcca9")
Result
61a7ad8aa9b6
JA4_c — extensions + signature algorithms hash
1 · Collect extensions
Take all extensions, remove GREASE values, and also remove SNI (
0x0000) and ALPN (0x0010) — those are already captured in JA4_a.2 · Sort extensions
Sort the remaining extensions ascending and format as 4-char lowercase hex.
3 · Append signature algorithms
Append the signature algorithms in their original order (not sorted), separated from the extensions by an underscore:
exts_sigalgs.4 · Hash
SHA-256 the resulting string and take the first 12 hex characters. SHA-256("0x0005,0x000a,0x000b,0x000d,0x0017,0x0023,0x002b,0x002d,0x0033_0x0503,0x0403,0x0807,0x0806,0x0805,0x0804,0x0601,0x0501,0x0401")
Result
3fcd1a44f3e3
Final assembly
Join the three parts with underscores: t13d1011h2_61a7ad8aa9b6_3fcd1a44f3e3
Raw ClientHello data
Connection
TLS version 0x0304 · TLS 1.3
SNI shigshag.com
ALPN h2http/1.1
Cipher count 10
Extension count 11
Cipher suites · sorted ascending, GREASE filtered
0x00ff0x13010x13020x13030xc02b0xc02c0xc02f0xc0300xcca80xcca9
Extensions · original order, GREASE filtered, includes SNI/ALPN
0x00000x00170x002d0x00330x00100x000d0x00050x002b0x000b0x00230x000a
Signature algorithms · original order
0x05030x04030x08070x08060x08050x08040x06010x05010x0401
JA4 fingerprinting designed by FoxIO.