# DPI Resistance Improvement Benchmark

**Date**: 2026-02-20 16:26
**Baseline**: VLESS+XHTTP+Reality, fingerprint=chrome, SNI=www.delfi.lv, path=/xt-6036d37d
**Latency samples per test**: 20
**Jitter**: standard deviation of latency samples

## Results

| Test | Avg ms | P95 ms | Jitter ms | DL Mbps | UL Mbps | Notes |
|------|--------|--------|-----------|---------|---------|-------|
| 0-baseline | 76ms | 95ms | 5ms | 38.7 | 4.0 | Current active config |
| 1-fp-randomized | 75ms | 89ms | 3ms | 33.5 | 3.6 | uTLS fingerprint rotated per connection |
| 2-fp-firefox | 73ms | 76ms | 0ms | 24.5 | 2.8 | Firefox uTLS profile |
| 3-fragment-chain | 75ms | 79ms | 2ms | 30.4 | 3.2 | TLS ClientHello split 100-200B + micro-frag 1-5B |
| 4-host-header | 74ms | 77ms | 1ms | 27.6 | 3.8 | HTTP Host header = www.delfi.lv |
| 5-realistic-path | 74ms | 87ms | 3ms | 31.2 | 3.8 | Path=/api/v2/stream + Host header |
| 6-sni-eklase | 73ms | 78ms | 1ms | 30.7 | 2.3 | SNI switched to e-klase.lv |
| 7-sni-lmt | 75ms | 80ms | 1ms | 26.3 | 4.0 | SNI switched to www.lmt.lv |
| 8-bbr-enabled | 74ms | 82ms | 2ms | 31.3 | 3.4 | BBR congestion control on remote |

## Applied Improvements

After benchmarking, the following were applied permanently to the local x-ui config:
- `juris-xhttp` (chrome): host header `www.delfi.lv` — primary outbound
- `juris-xhttp-firefox` (firefox): host header `www.delfi.lv` — low-jitter alternate
- `juris-xhttp-safari` (safari): host header `www.delfi.lv` — fingerprint diversity

> **Note**: `fingerprint=randomized` was NOT applied. Reality's anti-probing rejects random TLS
> fingerprints (connection reset by peer). Only named browser profiles are accepted.

## What Each Test Changes
- **fingerprint=randomized**: uTLS fingerprint rotated per connection — defeats fingerprint-based blocking
  ⚠️ **Incompatible with Reality** — triggers anti-probing protection, connection reset
- **fingerprint=firefox**: Firefox uTLS profile instead of Chrome
- **fragment chain**: TLS ClientHello split into 100-200B chunks, then micro-fragmented 1-5B + noise — defeats handshake DPI
- **host header**: Sets HTTP `Host:` header to match SNI — makes request look more legitimate
- **realistic path**: Changes XHTTP path from synthetic to `/api/v2/stream` with matching host header
- **SNI e-klase.lv / lmt.lv**: Alternative SNIs from previous benchmark (dest stays www.delfi.lv)
- **BBR**: Linux BBR congestion control + larger TCP buffers on remote — improves throughput under loss