AllNewImprovedFixed
Improved

Sessions live as long as their clearance actually does

Auto used to ratchet a host's session TTL downward on every replay failure, even when the failure didn't reflect a real cookie expiry. Sessions kept getting evicted and re-solved while their cookies still worked. The TTL now grows on aged successes and only retreats on real expirations, so a learned session for a Cloudflare-cleared host can carry across several minutes instead of dying after the first 403.

Fixed

Browser captures the real status after Cloudflare clears

When a Cloudflare-protected target served a real geo-block page (451) after the challenge passed, the Browser product was reporting it as a 200 because the watcher hardcoded the cleared status. The watcher now reads the actual post-clearance Document, so a 200 stays 200, a 451 surfaces as 451, and Auto rejects the wrong content and keeps searching for an exit that genuinely matches your validate rules.

Improved

Auto sessions adapt to portable or pinned

Auto sessions now adapt to what each target needs. Sites without interactive challenges run as portable sessions where cookies ride the proxy pool, so rotation and failover come automatically. Sites that bind their unlock to one exit (interactive Cloudflare being the main one) get pinned with a per-clearance concurrency cap, so a burst of replays can't burn through your unlock.

Improved

Stored Activity payloads always show the opaque proxy ID

We tightened proxy redaction in stored request payloads. Before, an internal upstream proxy address could leak into the Activity log preview when the original request was mutated for forwarding. Now any raw proxy URL in a stored payload is replaced with the opaque proxy ID (or with [redacted-proxy] if there's no ID to restore). The visible response was already opaque; this closes the same loop on the request preview.

Fixed

Cmd+K opens on non-Latin keyboards

The Cmd+K (Ctrl+K) shortcut now opens the command palette and search modal regardless of keyboard layout. We were matching the typed character (к on a Cyrillic layout), so anyone on a non-Latin layout got nothing. Now we match the physical key. Fixed across the main site, the blog, and the docs.

New

Six new languages, 13 total

Spanish, French, Japanese, Korean, Portuguese, and Russian joined the existing seven languages. The main site, the blog, the docs, and this Updates Portal all read in 13 languages now. Pick from the globe switcher in the header; your choice carries across surfaces via a shared cookie.

New

Auto endpoint in the Dashboard playground

The Dashboard playground now has an Auto tab. Paste a URL, hit Send, watch Auto crack it. You can set your own success criteria via the Validate group, and a URL history typeahead suggests previously-used URLs as you type (one shared list across all endpoints, capped at the last 50). Non-applicable fields hide per engine, so each tab shows only the inputs it actually uses.

Fixed

Auto requests stop 504-ing on cold solves

A cold Auto solve can run several minutes (proxy grind plus a browser solve). Our HTTP edge was capping requests at 2 minutes and returning a plain HTML 504, so the longest solves looked like a gateway failure even when the orchestrator was still working. We extended the edge timeout past Auto's worst-case run and switched /api/ error pages to JSON, so any error from any layer reads as JSON your client can parse.

Improved

Auto returns session and trace by default

Every Auto response now carries a meta object (which rung won, whether a challenge was solved, attempt count, total credits) plus the working session (proxy, cookies, userAgent) so you can see what cracked the target and replay it yourself. The session.proxy field is the opaque base36 proxy ID, never a raw address. Set returnSession: false if you don't want the session in the response.

Fixed

Auto amortizes to 2 credits on repeat requests

Cookie-reusable sites (bet365 was the canary) were sticking on the expensive browser solve at 15 credits per request instead of dropping to the cheap 2-credit replay after the first solve. Two bugs: the latch fired on any transient transport error, and a successful browser replay never refreshed the session cookies. Fixed both. Repeat requests on a cookie-reusable site now cost 2 credits after the first solve, exactly as the pricing implies.

Improved

Auto cracks more challenge types

Auto now handles non-interactive Cloudflare challenges (the "Checking your browser" wall some protected sites serve) end-to-end, instead of returning the challenge page as if it were content. Two related cases also got fixed: a transport 200 hiding a challenge interstitial now escalates to a real solve, and a challenge that re-serves the wall after dropping a clearance cookie now reloads and pulls the real content. Marathonbet is the headline site that newly passes; vinted and a few other interstitial-on-200 targets also benefit.

Improved

Playground refresh, Reset, and on-demand carries

Refreshing the Playground no longer flashes the static state before yours reappears. A new Reset button (behind a confirm) clears all three request tabs, cookies, and carried proxies in one go. A response can now also carry its proxy ID or User-Agent into the next request when you ask for it, instead of auto-applying behind your back.

New

See what every request costs in credits

Every API response now carries an x-foura-credits header showing what that call cost. A new Budget view in the Dashboard breaks credit spend down by API key, domain, and client IP with a timeline chart, and the Playground shows the same on each response so you can size a workload before scaling it up.

New

FourA Blog reads in seven languages

Every post on the blog now renders in English, Bulgarian, German, Polish, Vietnamese, Chinese, and Arabic. Code blocks, markdown, and links are preserved, and search returns localized titles.

Improved

Responses echo the proxy that handled them

Each Single response now includes the proxy ID that handled the request, and Browser responses do the same. Useful for chained calls that need to stick to the same proxy.