From f4c9b089dbf226b918cbeb1563ee2775882eed30 Mon Sep 17 00:00:00 2001
From: Avi Fenesh <aviarchi1994@gmail.com>
Date: Thu, 26 Feb 2026 04:05:30 +0200
Subject: [PATCH 1/5] feat(stealth): deep anti-bot evasion for headless
 browsers

CDP artifact removal, screen/viewport dimension spoofing,
navigator.connection, WebRTC IP leak prevention, realistic viewport.
---
 scripts/browser-launcher.js | 32 +++++++++++++++++++++++++++++++-
 1 file changed, 31 insertions(+), 1 deletion(-)

diff --git a/scripts/browser-launcher.js b/scripts/browser-launcher.js
index d0bc6b2..2ddb4e9 100644
--- a/scripts/browser-launcher.js
+++ b/scripts/browser-launcher.js
@@ -75,10 +75,12 @@ async function launchBrowser(sessionName, options = {}) {
 
   const launchOptions = {
     headless,
+    viewport: { width: 1920, height: 1080 },
     args: [
       '--disable-blink-features=AutomationControlled',
       '--no-first-run',
-      '--no-default-browser-check'
+      '--no-default-browser-check',
+      '--window-size=1920,1080'
     ]
   };
 
@@ -146,6 +148,34 @@ async function launchBrowser(sessionName, options = {}) {
       }
       return origQuery(params);
     };
+
+    // Remove CDP detection artifacts (window.cdc_* variables)
+    for (const key of Object.keys(window)) {
+      if (/^cdc_/.test(key)) delete window[key];
+    }
+
+    // Screen dimensions (headless reports 0 for outerWidth/outerHeight)
+    Object.defineProperty(window, 'outerWidth', { get: () => window.innerWidth });
+    Object.defineProperty(window, 'outerHeight', { get: () => window.innerHeight + 85 });
+    Object.defineProperty(screen, 'availWidth', { get: () => screen.width });
+    Object.defineProperty(screen, 'availHeight', { get: () => screen.height - 40 });
+
+    // navigator.connection (missing in some headless environments)
+    if (!navigator.connection) {
+      Object.defineProperty(navigator, 'connection', {
+        get: () => ({ effectiveType: '4g', rtt: 50, downlink: 10, saveData: false })
+      });
+    }
+
+    // Prevent WebRTC local IP leak (fingerprinting signal)
+    if (window.RTCPeerConnection) {
+      const OrigRTC = window.RTCPeerConnection;
+      window.RTCPeerConnection = function(config, constraints) {
+        if (config && config.iceServers) config.iceServers = [];
+        return new OrigRTC(config, constraints);
+      };
+      window.RTCPeerConnection.prototype = OrigRTC.prototype;
+    }
   });
 
   // Get or create the first page

From 7804951c6f972f5b890572758be8ad66bbd0dbd7 Mon Sep 17 00:00:00 2001
From: Avi Fenesh <aviarchi1994@gmail.com>
Date: Thu, 26 Feb 2026 04:05:38 +0200
Subject: [PATCH 2/5] feat(goto): auto headed fallback when content blocked in
 headless

When content blocking is detected, automatically switches to headed
browser to retrieve content. Disable with --no-auto-recover.
---
 scripts/web-ctl.js | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)

diff --git a/scripts/web-ctl.js b/scripts/web-ctl.js
index 943d131..c88b6dd 100755
--- a/scripts/web-ctl.js
+++ b/scripts/web-ctl.js
@@ -21,7 +21,7 @@ const BOOLEAN_FLAGS = new Set([
   '--allow-evaluate', '--no-snapshot', '--wait-stable', '--vnc',
   '--exact', '--accept', '--submit', '--dismiss', '--auto',
   '--snapshot-collapse', '--snapshot-text-only', '--snapshot-compact',
-  '--snapshot-full', '--no-auth-wall-detect', '--no-content-block-detect', '--ensure-auth', '--wait-loaded',
+  '--snapshot-full', '--no-auth-wall-detect', '--no-content-block-detect', '--no-auto-recover', '--ensure-auth', '--wait-loaded',
 ]);
 
 function validateSessionName(name) {
@@ -1096,6 +1096,39 @@ async function runAction(sessionName, action, actionArgs, opts) {
             contentBlockedIndicators: provider?.contentBlockedIndicators
           });
         }
+        // Auto headed fallback when content is blocked
+        if (contentBlockResult?.detected && !opts.noAutoRecover) {
+          const headed = await canLaunchHeaded();
+          if (headed) {
+            console.warn('[WARN] Content blocked in headless - falling back to headed browser');
+            await closeBrowser(sessionName, context);
+            await new Promise(resolve => setTimeout(resolve, 500));
+            const headedBrowser = await launchBrowser(sessionName, { headless: false });
+            context = headedBrowser.context;
+            page = headedBrowser.page;
+            try {
+              await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
+              if (opts.waitLoaded) {
+                await waitForLoaded(page, { timeout: loadedTimeout });
+              }
+              const headedSnapshot = await getSnapshot(page, opts);
+              result = {
+                url: page.url(),
+                status: response ? response.status() : null,
+                contentBlocked: true,
+                headedFallback: true,
+                warning: 'content_blocked_headed_fallback',
+                suggestion: 'Content was blocked in headless mode. Retrieved via headed browser.',
+                ...(opts.waitLoaded && { waitLoaded: true }),
+                ...(headedSnapshot != null && { snapshot: headedSnapshot })
+              };
+              break;
+            } catch (fallbackErr) {
+              console.warn('[WARN] Headed fallback failed: ' + fallbackErr.message);
+              // Fall through to return the headless result with warning
+            }
+          }
+        }
         const snapshot = await getSnapshot(page, opts);
         result = {
           url: page.url(),
@@ -1103,9 +1136,12 @@ async function runAction(sessionName, action, actionArgs, opts) {
           ...(opts.waitLoaded && { waitLoaded: true }),
           ...(contentBlockResult?.detected && {
             contentBlocked: true,
+            headedFallback: false,
             warning: 'content_blocked',
             contentBlockedReason: contentBlockResult.reason,
-            suggestion: "Site may be blocking headless browsers. Try: (1) authenticate with 'session auth <name> --provider <provider>', (2) use --ensure-auth for headed mode"
+            suggestion: opts.noAutoRecover
+              ? "Site may be blocking headless browsers. Try: (1) authenticate with 'session auth <name> --provider <provider>', (2) use --ensure-auth for headed mode"
+              : 'Content blocked and no display for headed fallback. Try: ssh -X or set DISPLAY.'
           }),
           ...(snapshot != null && { snapshot })
         };

From b2d10950aca368553007eb7ab8e76d1510a8d269 Mon Sep 17 00:00:00 2001
From: Avi Fenesh <aviarchi1994@gmail.com>
Date: Thu, 26 Feb 2026 04:05:47 +0200
Subject: [PATCH 3/5] test: add stealth hardening and auto-recover fallback
 tests

---
 tests/browser-stealth.test.js | 144 ++++++++++++++++++++++++++++++++++
 tests/web-ctl-actions.test.js |  48 ++++++++++++
 2 files changed, 192 insertions(+)
 create mode 100644 tests/browser-stealth.test.js

diff --git a/tests/browser-stealth.test.js b/tests/browser-stealth.test.js
new file mode 100644
index 0000000..a8d50be
--- /dev/null
+++ b/tests/browser-stealth.test.js
@@ -0,0 +1,144 @@
+'use strict';
+
+const { describe, it } = require('node:test');
+const assert = require('node:assert/strict');
+const fs = require('fs');
+const path = require('path');
+
+const launcherSource = fs.readFileSync(
+  path.join(__dirname, '..', 'scripts', 'browser-launcher.js'),
+  'utf8'
+);
+
+describe('browser stealth init script', () => {
+
+  it('hides navigator.webdriver', () => {
+    assert.ok(
+      launcherSource.includes("navigator, 'webdriver'"),
+      'should spoof navigator.webdriver'
+    );
+  });
+
+  it('spoofs window.chrome object', () => {
+    assert.ok(
+      launcherSource.includes('window.chrome'),
+      'should define window.chrome'
+    );
+  });
+
+  it('spoofs navigator.plugins', () => {
+    assert.ok(
+      launcherSource.includes("navigator, 'plugins'"),
+      'should spoof navigator.plugins'
+    );
+    assert.ok(
+      launcherSource.includes('Chrome PDF Plugin'),
+      'should include a realistic plugin'
+    );
+  });
+
+  it('spoofs navigator.languages', () => {
+    assert.ok(
+      launcherSource.includes("navigator, 'languages'"),
+      'should spoof navigator.languages'
+    );
+  });
+
+  it('overrides WebGL renderer', () => {
+    assert.ok(
+      launcherSource.includes('UNMASKED_VENDOR_WEBGL'),
+      'should override WebGL vendor'
+    );
+    assert.ok(
+      launcherSource.includes('UNMASKED_RENDERER_WEBGL'),
+      'should override WebGL renderer'
+    );
+  });
+
+  it('overrides permissions.query', () => {
+    assert.ok(
+      launcherSource.includes('permissions.query'),
+      'should override permissions.query'
+    );
+  });
+
+  it('removes CDP detection artifacts', () => {
+    assert.ok(
+      launcherSource.includes('cdc_'),
+      'should remove cdc_ variables'
+    );
+  });
+
+  it('spoofs screen dimensions', () => {
+    assert.ok(
+      launcherSource.includes("'outerWidth'"),
+      'should spoof window.outerWidth'
+    );
+    assert.ok(
+      launcherSource.includes("'outerHeight'"),
+      'should spoof window.outerHeight'
+    );
+    assert.ok(
+      launcherSource.includes("'availWidth'"),
+      'should spoof screen.availWidth'
+    );
+    assert.ok(
+      launcherSource.includes("'availHeight'"),
+      'should spoof screen.availHeight'
+    );
+  });
+
+  it('spoofs navigator.connection', () => {
+    assert.ok(
+      launcherSource.includes('navigator.connection'),
+      'should spoof navigator.connection'
+    );
+    assert.ok(
+      launcherSource.includes("effectiveType: '4g'"),
+      'should report 4g connection'
+    );
+  });
+
+  it('prevents WebRTC IP leak', () => {
+    assert.ok(
+      launcherSource.includes('RTCPeerConnection'),
+      'should override RTCPeerConnection'
+    );
+    assert.ok(
+      launcherSource.includes('iceServers'),
+      'should clear iceServers'
+    );
+  });
+});
+
+describe('browser launch options', () => {
+
+  it('sets realistic viewport size', () => {
+    assert.ok(
+      launcherSource.includes('viewport:'),
+      'should set viewport'
+    );
+    assert.ok(
+      launcherSource.includes('1920'),
+      'should use 1920 width'
+    );
+    assert.ok(
+      launcherSource.includes('1080'),
+      'should use 1080 height'
+    );
+  });
+
+  it('sets window-size arg', () => {
+    assert.ok(
+      launcherSource.includes('--window-size=1920,1080'),
+      'should set --window-size arg'
+    );
+  });
+
+  it('disables automation controlled features', () => {
+    assert.ok(
+      launcherSource.includes('--disable-blink-features=AutomationControlled'),
+      'should disable AutomationControlled'
+    );
+  });
+});
diff --git a/tests/web-ctl-actions.test.js b/tests/web-ctl-actions.test.js
index 053c649..3d1ac23 100644
--- a/tests/web-ctl-actions.test.js
+++ b/tests/web-ctl-actions.test.js
@@ -837,6 +837,54 @@ describe('content blocking detection in goto', () => {
   });
 });
 
+describe('auto headed fallback in goto', () => {
+  const fs = require('fs');
+  const path = require('path');
+  const webCtlSource = fs.readFileSync(
+    path.join(__dirname, '..', 'scripts', 'web-ctl.js'),
+    'utf8'
+  );
+
+  it('--no-auto-recover is a valid boolean flag', () => {
+    assert.ok(
+      webCtlSource.includes("'--no-auto-recover'"),
+      '--no-auto-recover should be in BOOLEAN_FLAGS'
+    );
+  });
+
+  it('goto case checks noAutoRecover flag', () => {
+    assert.ok(
+      webCtlSource.includes('noAutoRecover'),
+      'goto case should check noAutoRecover flag'
+    );
+  });
+
+  it('goto case includes headedFallback in result', () => {
+    assert.ok(
+      webCtlSource.includes('headedFallback: true'),
+      'result should include headedFallback: true when fallback used'
+    );
+    assert.ok(
+      webCtlSource.includes('headedFallback: false'),
+      'result should include headedFallback: false when fallback unavailable'
+    );
+  });
+
+  it('goto case launches headed browser on content block', () => {
+    assert.ok(
+      webCtlSource.includes('Content blocked in headless - falling back to headed browser'),
+      'should warn about headed fallback'
+    );
+  });
+
+  it('goto case handles headed fallback errors gracefully', () => {
+    assert.ok(
+      webCtlSource.includes('Headed fallback failed'),
+      'should handle headed fallback errors'
+    );
+  });
+});
+
 describe('--ensure-auth flag', () => {
   const fs = require('fs');
   const path = require('path');

From 3f5d475b871b4af3ab6aa810a6acd1b07abf7d11 Mon Sep 17 00:00:00 2001
From: Avi Fenesh <aviarchi1994@gmail.com>
Date: Thu, 26 Feb 2026 04:06:53 +0200
Subject: [PATCH 4/5] docs: document stealth hardening and auto headed fallback

---
 CHANGELOG.md               | 2 ++
 README.md                  | 3 ++-
 skills/web-browse/SKILL.md | 8 +++++---
 3 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index dbaaaba..4253669 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -29,6 +29,8 @@
 - `--max-field-length <N>` flag for `extract` macro to configure maximum characters per extracted field (default: 500, max: 2000)
 - `--wait-loaded` flag for goto action - waits for async-rendered content to finish loading before taking the snapshot. Combines network idle, DOM stability, and loading indicator absence detection (spinners, skeletons, progress bars, aria-busy). Use `--timeout <ms>` to set wait timeout (default: 15000ms)
 - Automatic content blocking detection in goto action - detects when sites serve pages but block content from headless browsers (e.g., X.com empty timelines). Uses provider-specific heuristics (content selectors, blocked indicators) and generic checks (empty content, persistent spinners). Response includes `contentBlocked: true`, `warning: 'content_blocked'`, and recovery suggestions. Disable with `--no-content-block-detect` flag
+- Deep stealth hardening for headless browsers - CDP artifact removal, screen/viewport dimension spoofing, navigator.connection, WebRTC IP leak prevention. Reduces detection by aggressive anti-bot sites
+- Auto headed fallback when content is blocked in headless - automatically switches to a headed browser to retrieve content when headless is detected and blocked. Response includes `headedFallback: true`. Disable with `--no-auto-recover` flag
 
 ### Fixed
 - Smart default snapshot scoping now includes complementary ARIA landmarks (`<aside>`, `[role="complementary"]`) alongside `<main>`, capturing sidebar content like repository stats (#26)
diff --git a/README.md b/README.md
index 3f193dc..c7ae41a 100644
--- a/README.md
+++ b/README.md
@@ -94,7 +94,7 @@ web-ctl session end github
 
 | Action | Usage | Returns |
 |--------|-------|---------|
-| `goto` | `run <s> goto <url> [--no-auth-wall-detect] [--no-content-block-detect] [--ensure-auth] [--wait-loaded]` | `{ url, status, authWallDetected, checkpointCompleted, ensureAuthCompleted, waitLoaded, contentBlocked, warning, snapshot }` |
+| `goto` | `run <s> goto <url> [--no-auth-wall-detect] [--no-content-block-detect] [--no-auto-recover] [--ensure-auth] [--wait-loaded]` | `{ url, status, authWallDetected, checkpointCompleted, ensureAuthCompleted, waitLoaded, contentBlocked, headedFallback, warning, snapshot }` |
 | `snapshot` | `run <s> snapshot` | `{ url, snapshot }` |
 | `click` | `run <s> click <sel> [--wait-stable]` | `{ url, clicked, snapshot }` |
 | `click-wait` | `run <s> click-wait <sel> [--timeout]` | `{ url, clicked, settled, snapshot }` |
@@ -174,6 +174,7 @@ This eliminates the common click-snapshot-check loop that wastes agent turns on
 | `--allow-evaluate` | `evaluate` | Required safety flag for JS execution |
 | `--no-auth-wall-detect` | `goto` | Disable automatic auth wall detection and checkpoint opening |
 | `--no-content-block-detect` | `goto` | Disable automatic content blocking detection (e.g., sites serving empty pages to headless browsers) |
+| `--no-auto-recover` | `goto` | Disable automatic headed fallback when content is blocked in headless mode |
 | `--ensure-auth` | `goto` | Poll for auth completion instead of timed checkpoint; overrides `--no-auth-wall-detect` |
 | `--wait-loaded` | `goto` | Wait for async content to finish rendering (network idle + loading indicator absence + DOM quiet) |
 | `--snapshot-depth <N>` | Any action with snapshot | Limit ARIA tree depth (e.g. 3 for top 3 levels) |
diff --git a/skills/web-browse/SKILL.md b/skills/web-browse/SKILL.md
index ea39f9a..da8a946 100644
--- a/skills/web-browse/SKILL.md
+++ b/skills/web-browse/SKILL.md
@@ -46,7 +46,7 @@ Safe practice: always double-quote URL arguments.
 ### goto - Navigate to URL
 
 ```bash
-node ${PLUGIN_ROOT}/scripts/web-ctl.js run <session> goto <url> [--no-auth-wall-detect] [--no-content-block-detect] [--ensure-auth] [--wait-loaded]
+node ${PLUGIN_ROOT}/scripts/web-ctl.js run <session> goto <url> [--no-auth-wall-detect] [--no-content-block-detect] [--no-auto-recover] [--ensure-auth] [--wait-loaded]
 ```
 
 Navigates to a URL and automatically detects authentication walls using a three-heuristic detection system:
@@ -62,9 +62,11 @@ Use `--ensure-auth` to actively poll for authentication completion instead of a
 
 Use `--wait-loaded` to wait for async-rendered content to finish loading before taking the snapshot. This combines network idle, DOM stability, loading indicator absence detection (spinners, skeletons, progress bars, aria-busy), and a final DOM quiet period. Use `--timeout <ms>` to set the wait timeout (default: 15000ms). Ideal for SPAs and pages that render content after the initial page load.
 
-Use `--no-content-block-detect` to disable automatic detection of content blocking (e.g., sites serving empty pages to headless browsers). When content blocking is detected, the response includes `contentBlocked: true`, `warning: 'content_blocked'`, and a suggestion to authenticate or use headed mode.
+Use `--no-content-block-detect` to disable automatic detection of content blocking (e.g., sites serving empty pages to headless browsers). When content blocking is detected, the goto action automatically falls back to a headed browser to retrieve the content. The response includes `contentBlocked: true`, `headedFallback: true`, and the snapshot from the headed session.
 
-Returns: `{ url, status, authWallDetected, checkpointCompleted, ensureAuthCompleted, waitLoaded, contentBlocked, warning, contentBlockedReason, suggestion, snapshot }`
+Use `--no-auto-recover` to disable the automatic headed fallback. When set, content blocking detection still runs but only returns a warning without attempting recovery.
+
+Returns: `{ url, status, authWallDetected, checkpointCompleted, ensureAuthCompleted, waitLoaded, contentBlocked, headedFallback, warning, contentBlockedReason, suggestion, snapshot }`
 
 ### snapshot - Get Accessibility Tree
 

From 77ca827bbc51db966c90634cf305400f5f5ad7a4 Mon Sep 17 00:00:00 2001
From: Avi Fenesh <aviarchi1994@gmail.com>
Date: Thu, 26 Feb 2026 13:15:28 +0200
Subject: [PATCH 5/5] fix: review feedback - stale response, fallback error
 handling, perf

- Use headed response status instead of stale headless response
- Save headless snapshot before close for fallback error path
- Null context/page after fallback failure to prevent stale access
- Re-detect content blocking after headed fallback
- Cache canLaunchHeaded result (60s TTL) to avoid repeated browser probes
- Defensive copy of WebRTC config to prevent mutation
- Targeted CDP artifact list instead of Object.keys(window) scan
---
 scripts/browser-launcher.js   | 11 +++----
 scripts/web-ctl.js            | 61 +++++++++++++++++++++++++++++------
 tests/browser-stealth.test.js |  6 ++--
 tests/web-ctl-actions.test.js | 21 ++++++++++++
 4 files changed, 81 insertions(+), 18 deletions(-)

diff --git a/scripts/browser-launcher.js b/scripts/browser-launcher.js
index 2ddb4e9..b842b73 100644
--- a/scripts/browser-launcher.js
+++ b/scripts/browser-launcher.js
@@ -149,10 +149,9 @@ async function launchBrowser(sessionName, options = {}) {
       return origQuery(params);
     };
 
-    // Remove CDP detection artifacts (window.cdc_* variables)
-    for (const key of Object.keys(window)) {
-      if (/^cdc_/.test(key)) delete window[key];
-    }
+    // Remove known CDP detection artifacts (targeted list, avoids Object.keys(window) scan)
+    ['cdc_adoQpoasnfa76pfcZLmcfl_Array', 'cdc_adoQpoasnfa76pfcZLmcfl_Promise',
+     'cdc_adoQpoasnfa76pfcZLmcfl_Symbol'].forEach(k => { try { delete window[k]; } catch {} });
 
     // Screen dimensions (headless reports 0 for outerWidth/outerHeight)
     Object.defineProperty(window, 'outerWidth', { get: () => window.innerWidth });
@@ -171,8 +170,8 @@ async function launchBrowser(sessionName, options = {}) {
     if (window.RTCPeerConnection) {
       const OrigRTC = window.RTCPeerConnection;
       window.RTCPeerConnection = function(config, constraints) {
-        if (config && config.iceServers) config.iceServers = [];
-        return new OrigRTC(config, constraints);
+        const safeConfig = config ? { ...config, iceServers: [] } : config;
+        return new OrigRTC(safeConfig, constraints);
       };
       window.RTCPeerConnection.prototype = OrigRTC.prototype;
     }
diff --git a/scripts/web-ctl.js b/scripts/web-ctl.js
index c88b6dd..b734262 100755
--- a/scripts/web-ctl.js
+++ b/scripts/web-ctl.js
@@ -88,6 +88,22 @@ function matchProviderByDomain(url) {
   }
 }
 
+/**
+ * Cached result for canLaunchHeaded (display availability rarely changes mid-session).
+ * TTL: 60 seconds.
+ */
+let _headedCache = null;
+let _headedCacheTime = 0;
+const HEADED_CACHE_TTL = 60000;
+async function cachedCanLaunchHeaded() {
+  if (_headedCache !== null && Date.now() - _headedCacheTime < HEADED_CACHE_TTL) {
+    return _headedCache;
+  }
+  _headedCache = await canLaunchHeaded();
+  _headedCacheTime = Date.now();
+  return _headedCache;
+}
+
 /**
  * Convert selector string to Playwright locator.
  */
@@ -1098,34 +1114,61 @@ async function runAction(sessionName, action, actionArgs, opts) {
         }
         // Auto headed fallback when content is blocked
         if (contentBlockResult?.detected && !opts.noAutoRecover) {
-          const headed = await canLaunchHeaded();
+          const headed = await cachedCanLaunchHeaded();
           if (headed) {
             console.warn('[WARN] Content blocked in headless - falling back to headed browser');
+            // Save headless snapshot before closing (fallback may fail)
+            const headlessSnapshot = await getSnapshot(page, opts);
+            const headlessUrl = page.url();
+            const headlessStatus = response ? response.status() : null;
             await closeBrowser(sessionName, context);
             await new Promise(resolve => setTimeout(resolve, 500));
-            const headedBrowser = await launchBrowser(sessionName, { headless: false });
-            context = headedBrowser.context;
-            page = headedBrowser.page;
             try {
-              await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
+              const headedBrowser = await launchBrowser(sessionName, { headless: false });
+              context = headedBrowser.context;
+              page = headedBrowser.page;
+              const headedResponse = await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30000 });
               if (opts.waitLoaded) {
                 await waitForLoaded(page, { timeout: loadedTimeout });
               }
+              // Re-detect content blocking in headed mode
+              const headedProvider = matchProviderByDomain(url);
+              const headedBlockResult = await detectContentBlocked(page, {
+                contentSelectors: headedProvider?.contentSelectors,
+                contentBlockedIndicators: headedProvider?.contentBlockedIndicators
+              });
               const headedSnapshot = await getSnapshot(page, opts);
               result = {
                 url: page.url(),
-                status: response ? response.status() : null,
+                status: headedResponse ? headedResponse.status() : null,
                 contentBlocked: true,
                 headedFallback: true,
-                warning: 'content_blocked_headed_fallback',
-                suggestion: 'Content was blocked in headless mode. Retrieved via headed browser.',
+                ...(headedBlockResult?.detected && { headedAlsoBlocked: true }),
+                warning: headedBlockResult?.detected ? 'content_blocked_headed_also' : 'content_blocked_headed_fallback',
+                suggestion: headedBlockResult?.detected
+                  ? 'Content blocked in both headless and headed modes.'
+                  : 'Content was blocked in headless mode. Retrieved via headed browser.',
                 ...(opts.waitLoaded && { waitLoaded: true }),
                 ...(headedSnapshot != null && { snapshot: headedSnapshot })
               };
               break;
             } catch (fallbackErr) {
               console.warn('[WARN] Headed fallback failed: ' + fallbackErr.message);
-              // Fall through to return the headless result with warning
+              // Return headless result captured before close
+              context = null;
+              page = null;
+              result = {
+                url: headlessUrl,
+                status: headlessStatus,
+                contentBlocked: true,
+                headedFallback: false,
+                warning: 'content_blocked',
+                contentBlockedReason: contentBlockResult.reason,
+                suggestion: 'Headed fallback failed: ' + fallbackErr.message,
+                ...(opts.waitLoaded && { waitLoaded: true }),
+                ...(headlessSnapshot != null && { snapshot: headlessSnapshot })
+              };
+              break;
             }
           }
         }
diff --git a/tests/browser-stealth.test.js b/tests/browser-stealth.test.js
index a8d50be..28e20ed 100644
--- a/tests/browser-stealth.test.js
+++ b/tests/browser-stealth.test.js
@@ -62,10 +62,10 @@ describe('browser stealth init script', () => {
     );
   });
 
-  it('removes CDP detection artifacts', () => {
+  it('removes known CDP detection artifacts', () => {
     assert.ok(
-      launcherSource.includes('cdc_'),
-      'should remove cdc_ variables'
+      launcherSource.includes('cdc_adoQpoasnfa76pfcZLmcfl_Array'),
+      'should target known CDP artifact names'
     );
   });
 
diff --git a/tests/web-ctl-actions.test.js b/tests/web-ctl-actions.test.js
index 3d1ac23..7d06901 100644
--- a/tests/web-ctl-actions.test.js
+++ b/tests/web-ctl-actions.test.js
@@ -883,6 +883,27 @@ describe('auto headed fallback in goto', () => {
       'should handle headed fallback errors'
     );
   });
+
+  it('goto case re-detects content blocking in headed mode', () => {
+    assert.ok(
+      webCtlSource.includes('headedBlockResult'),
+      'should re-run content blocking detection after headed fallback'
+    );
+  });
+
+  it('goto case uses cached canLaunchHeaded', () => {
+    assert.ok(
+      webCtlSource.includes('cachedCanLaunchHeaded'),
+      'should use cached headed availability check'
+    );
+  });
+
+  it('goto case captures headless snapshot before fallback', () => {
+    assert.ok(
+      webCtlSource.includes('headlessSnapshot'),
+      'should save headless snapshot before closing browser'
+    );
+  });
 });
 
 describe('--ensure-auth flag', () => {