Anthropic Detects Third-Party Clients Through System Prompt Analysis, Not Headers or TLS

Summary

A detailed technical investigation has revealed how Anthropic detects and blocks third-party clients accessing Claude through the API. Contrary to initial assumptions, the detection mechanism is not based on HTTP headers, User-Agent strings, or TLS fingerprinting techniques like JA3/JA4. Instead, Anthropic performs server-side pattern matching and analysis of the system prompt content included in API requests.

The researcher demonstrated through systematic experimentation that Anthropic specifically analyzes the static portion of system prompts sent in request bodies. When a custom system prompt from tools like OpenCode or Aider is replaced with Claude Code's authentic system prompt structure, requests pass through without triggering the "third-party apps" block. Notably, the runtime sections of system prompts (environment variables, directory listings, skills, custom instructions) can remain completely custom without triggering detection—only the static prompt structure matters.

The findings suggest Anthropic likely uses pattern matching against known Claude Code prompt structures, embedding similarity classification, or detection of specific anchor phrases that should be present in legitimate Claude Code requests. This detection happens on a per-request basis rather than at the account level, allowing the same authenticated account to work normally through Claude Code or Claude Desktop while being blocked through third-party clients.

• Third-party developers can potentially circumvent detection by substituting only the static prompt portion while preserving their custom runtime sections