docs: changelog 2026-03-26, variations-in-context flag, custom history depth, cross-link 9 docs

Author: MSTU0

ADVANCED_FEATURES.md

@@ -142,6 +142,7 @@ Consistent behavior across execution modes.
 **Incognito-Mode Consistency:**
 - Fingerprint protection maintained in incognito mode
 - Consistent fingerprint between normal and incognito modes
+- `X-Client-Data` header consistency in incognito contexts via [`--bot-enable-variations-in-context`](CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2)
 
 <a id="webrtc-leak-protection"></a>
 ### WebRTC Leak Protection

CHANGELOG.md

@@ -3,6 +3,21 @@
 > **Research scope:** Entries in this changelog describe features evaluated in authorized labs and defensive benchmarking programs. Follow the [Legal Disclaimer](DISCLAIMER.md) and [Responsible Use Guidelines](RESPONSIBLE_USE.md). We work with security vendors to investigate any misuse, so report concerns to [support@botbrowser.io](mailto:support@botbrowser.io).
 
 
+## [2026-03-26]
+### Major
+- **Chromium Core → 146.0.7680.165**: Updated to Chrome 146 stable (146.0.7680.165). Web Platform consistency, rendering accuracy, and security patches stay aligned with upstream Chrome.
+
+### New
+- **Incognito `X-Client-Data` Consistency (`--bot-enable-variations-in-context`)** (ENT Tier2): Incognito browser contexts now include `X-Client-Data` headers on Google domains when enabled, matching the behavior of normal browsing sessions.
+
+- **Custom History Depth (`--bot-inject-random-history={number}`)**: History injection now accepts a specific count (e.g., `--bot-inject-random-history=15`) for precise control over `history.length`, in addition to the existing random mode.
+
+### Improvements
+- **High-Concurrency Stability**: 100+ concurrent browser contexts now run without crashes or memory corruption.
+
+- **Emoji Rendering on Cross-Platform Profiles**: Emoji now renders in color when running macOS profiles on Linux hosts, producing correct Canvas toDataURL output.
+
+
 ## [2026-03-23]
 ### Major
 - **Chromium Core → 146.0.7680.154**: Updated to Chrome 146 stable (146.0.7680.154). Web Platform consistency, rendering accuracy, and security patches stay aligned with upstream Chrome.

CLI_FLAGS.md

@@ -423,7 +423,8 @@ Runtime toggles that don’t rely on profile `configs` but still override behavi
 - `--bot-disable-debugger`: Ignore JavaScript `debugger` statements to avoid pauses
 - `--bot-mobile-force-touch`: Force touch events on/off for mobile device simulation
 - `--bot-disable-console-message` (ENT Tier1): Suppress console.* output from CDP logs (default true); prevents framework hooks from enabling `Console.enable`/`Runtime.enable`, which blocks fingerprint signals. Guide: [Console Suppression](docs/guides/fingerprint/CONSOLE_SUPPRESSION.md)
-- `--bot-inject-random-history` (PRO): Add synthetic browsing history for session authenticity. Guide: [History Seeding](docs/guides/identity/HISTORY_SEEDING.md)
+- `--bot-inject-random-history` (PRO): Add synthetic browsing history for session authenticity. Accepts `true` (random 2-7 entries), a number for precise control (e.g., `=15` for `history.length` of 16), or `false` to disable. Guide: [History Seeding](docs/guides/identity/HISTORY_SEEDING.md)
+- `--bot-enable-variations-in-context` (ENT Tier2): Include `X-Client-Data` headers in incognito browser contexts for Google domains, same as regular browsing. Disabled by default.
 - `--bot-always-active` (PRO, default true): Keep windows/tabs active even when unfocused. See [Active Window Emulation](ADVANCED_FEATURES.md#active-window-emulation)
 - `--bot-webrtc-ice=google` (ENT Tier1): Override STUN/TURN endpoints observed by JavaScript/WebRTC to control ICE signaling; accepts presets (`google`) or `custom:stun:...,turn:...`. See [WebRTC Leak Protection](ADVANCED_FEATURES.md#webrtc-leak-protection). Guide: [WebRTC Leak Prevention](docs/guides/network/WEBRTC_LEAK_PREVENTION.md)
 - `--bot-noise-seed` (ENT Tier2): Integer seed (1-UINT32_MAX) for the deterministic noise RNG; each seed augments privacy variance across Canvas 2D/WebGL/WebGPU images, text metrics, text layout, ClientRect measurements, and offline audio hashes so you can treat a seed as a reproducible fingerprint ID per tenant while keeping runs stable. `0` keeps noise active with profile defaults. Guide: [Noise Seed Reproducibility](docs/guides/fingerprint/NOISE_SEED_REPRODUCIBILITY.md)

PER_CONTEXT_FINGERPRINT.md

@@ -302,7 +302,8 @@ Most `--bot-*` flags from [CLI_FLAGS.md](CLI_FLAGS.md) work with per-context con
 | Network | [`--bot-network-info-override`](ADVANCED_FEATURES.md#network-info-privacy) for profile-defined `navigator.connection` values |
 | WebRTC | [`--bot-webrtc-ice`](ADVANCED_FEATURES.md#webrtc-leak-protection) for ICE endpoint control |
 | Window | [`--bot-always-active`](ADVANCED_FEATURES.md#active-window-emulation) to maintain active window state |
-| Session | `--bot-inject-random-history` for session authenticity |
+| Session | `--bot-inject-random-history` for session authenticity (supports precise count, e.g., `=15`) |
+| Google Headers | [`--bot-enable-variations-in-context`](CLI_FLAGS.md#behavior--protection-toggles) for `X-Client-Data` consistency in incognito contexts (ENT Tier2) |
 | Proxy | [`--proxy-server`](CLI_FLAGS.md#enhanced-proxy-configuration) (configure proxy per-context via `botbrowserFlags`), `--proxy-ip` to skip IP lookups |
 | HTTP | [`--bot-custom-headers`](CLI_FLAGS.md#--bot-custom-headers-pro) for custom HTTP request headers per context |
 | Config | [`--bot-config-platform`, `--bot-config-timezone`, `--bot-config-noise-canvas`, etc.](CLI_FLAGS.md#profile-configuration-override-flags) |

README.md

@@ -178,7 +178,8 @@ Examples: [Playwright](examples/playwright/) • [Puppeteer](examples/puppeteer/
 |---------|-----------|-------|
 | Cookie management (inline JSON or file) | [--bot-cookies](CLI_FLAGS.md#--bot-cookies) | [Guide](docs/guides/identity/COOKIE_MANAGEMENT.md) |
 | Bookmark injection | [--bot-bookmarks](CLI_FLAGS.md#--bot-bookmarks) | [Guide](docs/guides/identity/BOOKMARK_SEEDING.md) |
-| Random history injection | [Behavior Toggles](CLI_FLAGS.md#behavior--protection-toggles) | [Guide](docs/guides/identity/HISTORY_SEEDING.md) |
+| History injection (random or precise count) | [Behavior Toggles](CLI_FLAGS.md#behavior--protection-toggles) | [Guide](docs/guides/identity/HISTORY_SEEDING.md) |
+| Incognito `X-Client-Data` consistency | [Behavior Toggles](CLI_FLAGS.md#behavior--protection-toggles) | [Guide](docs/guides/fingerprint/INCOGNITO.md) |
 | Always-active windows (anti-focus-tracking) | [Active Window](ADVANCED_FEATURES.md#active-window-emulation) | [Guide](docs/guides/fingerprint/ACTIVE_WINDOW.md) |
 | Custom HTTP headers (CLI + CDP) | [--bot-custom-headers](CLI_FLAGS.md#--bot-custom-headers-pro) | [Guide](docs/guides/network/CUSTOM_HTTP_HEADERS.md) |
 | Plaintext storage access (cookies, localStorage) | [Storage Access](examples/storage-access/) | [Guide](docs/guides/identity/STORAGE_ACCESS.md) |

docs/guides/fingerprint/INCOGNITO.md

@@ -46,6 +46,8 @@ BotBrowser normalizes incognito-related differences at the browser engine level:
 
 4. **Timing consistency.** Storage operation timing is normalized to match profile expectations across both browsing modes.
 
+5. **`X-Client-Data` header consistency.** With [`--bot-enable-variations-in-context`](../../../CLI_FLAGS.md#behavior--protection-toggles) (ENT Tier2), incognito contexts send `X-Client-Data` headers on Google domains, same as regular browsing.
+
 ---
 
 <a id="common-scenarios"></a>

docs/guides/getting-started/CLI_RECIPES.md

@@ -314,11 +314,18 @@ chromium-browser \
 ### 20. Pre-populate bookmarks and browsing history
 
 ```bash
+# Random history (2-7 entries)
 chromium-browser \
   --bot-profile="/path/to/profile.enc" \
   --bot-bookmarks='[{"title":"Example","type":"url","url":"https://example.com"}]' \
   --bot-inject-random-history \
   --user-data-dir="$(mktemp -d)"
+
+# Precise history count (15 entries, history.length = 16)
+chromium-browser \
+  --bot-profile="/path/to/profile.enc" \
+  --bot-inject-random-history=15 \
+  --user-data-dir="$(mktemp -d)"
 ```
 
 ---

docs/guides/identity/HISTORY_SEEDING.md

@@ -22,16 +22,26 @@ A browser with no browsing history lacks the session state of a normally used br
 
 The `--bot-inject-random-history` flag tells BotBrowser to inject synthetic browsing history entries at startup. This populates `window.history.length` and related navigation state with realistic values, making the session consistent with a browser that has been in use over time.
 
+The flag supports two modes:
+- **Random mode** (`--bot-inject-random-history` or `=true`): Injects a random number of entries (2-7), producing a `history.length` of 3-8.
+- **Precise mode** (`--bot-inject-random-history=15`): Injects exactly the specified number of entries, producing a `history.length` of N+1 (e.g., 15 entries = `history.length` of 16).
+
 ---
 
 <a id="quick-start"></a>
 
 ## Quick Start
 
 ```bash
+# Random mode (2-7 entries)
 chromium-browser \
   --bot-profile="/path/to/profile.enc" \
   --bot-inject-random-history
+
+# Precise mode (exactly 15 entries, history.length = 16)
+chromium-browser \
+  --bot-profile="/path/to/profile.enc" \
+  --bot-inject-random-history=15
 ```
 
 ```javascript
@@ -42,15 +52,15 @@ const browser = await chromium.launch({
   headless: true,
   args: [
     "--bot-profile=/path/to/profile.enc",
-    "--bot-inject-random-history",
+    "--bot-inject-random-history=15", // Or omit "=15" for random mode
   ],
 });
 
 const page = await browser.newPage();
 await page.goto("https://example.com");
 
 const historyLength = await page.evaluate(() => window.history.length);
-console.log("History length:", historyLength); // Greater than 1
+console.log("History length:", historyLength); // 16 with =15, or 3-8 with random mode
 
 await browser.close();
 ```
@@ -63,18 +73,19 @@ await browser.close();
 
 1. **History generation.** When the flag is enabled, BotBrowser injects a set of synthetic navigation entries into the browser's session history before the first page load.
 
-2. **Realistic values.** The injected history produces a `window.history.length` value consistent with normal browsing patterns.
+2. **Realistic values.** The injected history produces a `window.history.length` value consistent with normal browsing patterns. In random mode, `history.length` ranges from 3 to 8. In precise mode, `history.length` equals the specified count plus one.
 
 3. **Session scope.** History injection applies to each new session. The injected entries do not persist beyond the session lifetime.
 
 ### Configuration via profile
 
-You can also enable history injection through the profile JSON instead of the CLI flag:
+You can also enable history injection through the profile configuration instead of the CLI flag:
 
-```json
+```jsonc
 {
   "configs": {
-    "injectRandomHistory": true
+    "injectRandomHistory": true    // Random mode (2-7 entries)
+    // "injectRandomHistory": 15   // Precise mode (15 entries)
   }
 }
 ```
@@ -142,6 +153,7 @@ await page.goto("https://example.com");
 |---------|----------|
 | `window.history.length` is still 1 | Ensure `--bot-inject-random-history` is in the `args` array, not as a separate option. |
 | History not injected with PRO license | Verify your license is active. Check the BotBrowser console output for license errors. |
+| Precise count not working | Use `=` syntax: `--bot-inject-random-history=15`. The value must be between 1 and 25. |
 
 ---
 

profiles/PROFILE_CONFIGS.md

@@ -92,7 +92,8 @@ All configurations are embedded in the `configs` field inside your profile JSON
 | `location`                      | `auto` = IP-based (default); `real` = system GPS; custom coordinates (ENT Tier1). | `auto`    |
 | `browserBrand` (ENT Tier2, webview requires ENT Tier3)    | Override for `navigator.userAgentData.brands` and related UA fields. Supports chromium, chrome, edge, brave, opera, webview. | `chrome`    |
 | `brandFullVersion` (ENT Tier2)| Optional brand-specific full version string for UA-CH tuples (Edge/Opera cadences). | `""`    |
-| `injectRandomHistory` (PRO feature) | Optionally adds synthetic navigation history for fingerprint protection in browser state testing. | `false`    |
+| `injectRandomHistory` (PRO feature) | Adds synthetic navigation history for session authenticity. Accepts `true` (random 2-7 entries), a number for precise control (e.g., `15` for `history.length` of 16), or `false` to disable. | `false`    |
+| `enableVariationsInContext` (ENT Tier2) | Include `X-Client-Data` headers in incognito browser contexts for Google domains, same as regular browsing. | `false`    |
 | `disableDebugger`               | Prevents unintended interruptions from JavaScript debugger statements during fingerprint protection workflows. | `true`     |
 | `keyboard`                      | Choose keyboard fingerprint source: `profile` (emulated from profile) or `real` (use system keyboard). | `profile` |
 | `mediaTypes`                    | Media types behavior: `expand` (prefer local decoders), `profile` (profile-defined list), `real` (native system). | `expand` |
@@ -274,9 +275,13 @@ These fields work together with `--user-agent` CLI flag. BotBrowser auto-generat
     // brandFullVersion: optional brand-specific full version string for UA-CH tuples when the vendor’s cadence diverges
     "brandFullVersion": "142.0.3595.65",
 
-    // injectRandomHistory: Optionally adds synthetic navigation history for fingerprint protection in browser state testing
+    // injectRandomHistory: Adds synthetic navigation history for session authenticity
+    // Accepts true (random 2-7 entries), a number (e.g. 15), or false
     "injectRandomHistory": false,
 
+    // enableVariationsInContext (ENT Tier2): Include X-Client-Data headers in incognito contexts for Google domains
+    "enableVariationsInContext": false,
+
     // disableDebugger: Prevents unintended interruptions from JavaScript debugger statements during fingerprint protection workflows
     "disableDebugger": true,