What Is Browser Fingerprinting?
Browser fingerprinting is a tracking technique that identifies and re-identifies users based on the unique combination of attributes reported by their browser and device - Without using cookies. When dozens of individually common attributes are combined, the resulting fingerprint is statistically unique enough to track individuals across websites and sessions - Even across a VPN or IP change. Check your own fingerprint with our browser fingerprint tool.
Data Points Used in Browser Fingerprints
| Attribute | How It's Collected | Uniqueness Contribution |
|---|---|---|
| User-Agent string | HTTP header sent automatically | Medium |
| Screen resolution & color depth | JavaScript: screen.width, screen.colorDepth | Medium |
| Installed fonts | Canvas rendering or CSS font-face tests | High |
| Canvas fingerprint | Render a hidden canvas; GPU & driver produce unique pixel output | Very High |
| WebGL renderer info | JavaScript: WebGL RENDERER and VENDOR strings | High |
| Audio context fingerprint | Render a silent audio signal; floating-point differences are unique | High |
| Timezone & language | JavaScript: Intl.DateTimeFormat, navigator.language | Low–Medium |
| Browser plugins | navigator.plugins list | Medium (less now due to deprecation) |
| TCP/IP fingerprint | OS-level network stack timing and TTL values | Medium |
| Battery status | Battery API (deprecated in most browsers) | Low |
How to Reduce Your Fingerprint
- Use Firefox with the Resist Fingerprinting setting enabled (privacy.resistFingerprinting = true in about:config) - It normalizes most attributes.
- Use the Tor Browser - It is purpose-built to make all users look identical.
- Install uBlock Origin - It blocks many fingerprinting scripts before they execute.
- Avoid installing unusual fonts or browser extensions - Each one makes your fingerprint more unique.
- Use a VPN to mask your IP, but understand that fingerprinting works without it - Both protections are complementary. Verify your VPN isn't leaking with our VPN leak test.
Fingerprinting vs Cookies
Unlike cookies, fingerprinting leaves nothing on your device, cannot be cleared, and works in private browsing mode. It is harder to detect and harder to block because it uses legitimate browser APIs. The most effective protection is browser-level normalization that makes your browser look like everyone else's, rather than blocking individual tracking attempts. WebRTC is another browser API that can leak your real IP even through a VPN.
How a Fingerprint Is Built: Entropy
Trackers measure each attribute by its entropy - How many bits of identifying information it contributes. One bit halves the population you could be: knowing your timezone might be worth ~3 bits, your screen size ~5, your font list ~7, a canvas hash considerably more. The bits add up, and around 33 bits is enough to single out one person among the world's online population. No single attribute identifies you; the combination does, which is why blocking one API barely helps while normalising many at once does.
Why your fingerprint stays stable
Cookies can be deleted; your GPU, fonts, and OS version change rarely. Fingerprinting libraries also use fuzzy matching, so a browser update that shifts one attribute still links to your previous profile. That persistence - Across private windows, cookie purges, and even IP changes - Is exactly what makes the technique valuable to trackers and fraud-detection systems alike.
Step by Step: Test Your Own Fingerprint
| Step | Action |
|---|---|
| 1 | Open the browser fingerprint tool and review every attribute your browser reports - User agent, screen, canvas, WebGL, fonts, and more |
| 2 | Repeat the test in a private/incognito window - Notice that the fingerprint barely changes, proving private mode is not anonymity |
| 3 | Repeat with your VPN on - The IP changes, the fingerprint does not. See the full picture of what sites can read in the browser data leak FAQ |
| 4 | Enable a defence (Brave, Firefox protections, or Tor Browser) and re-test to confirm the attributes are now blocked or randomised |
Fingerprinting Defences Compared
| Defence | Strategy | Strength | Trade-off |
|---|---|---|---|
| Tor Browser | Uniformity - Every user reports identical values | Strongest | Slow network, some sites block Tor |
| Brave | Randomisation ("farbling") - Canvas/audio answers change per site, per session | Strong | Occasional site breakage |
| Firefox (resistFingerprinting) | Uniformity - Normalised timezone, canvas prompt, rounded window size | Strong | Breaks timezone-dependent sites |
| Standard Chrome/Edge/Safari | Partial mitigations only (Safari limits some APIs) | Weak | None - Default experience |
| Anti-fingerprinting extensions | Spoof individual values | Weak–Counterproductive | Inconsistent spoofing can make you more unique |
What This Means for You
Fingerprinting changes what "private browsing" means. Clearing cookies, going incognito, or switching IPs interrupts the easy trackers but not this one - Your browser's shape gives you away. The good news is that the defence is a one-time choice, not a routine: pick a browser whose engine actively resists fingerprinting (Tor for maximum protection, Brave or hardened Firefox for daily use), keep extensions minimal, and let your VPN handle the network layer while the browser handles the device layer. Neither substitutes for the other - They close different halves of the identification problem.
Frequently Asked Questions
Is browser fingerprinting legal?
Largely yes, though regulated. Privacy laws such as the GDPR and ePrivacy rules treat fingerprinting like cookies - It requires a lawful basis and disclosure when used to identify people - But enforcement is difficult precisely because fingerprinting leaves no trace on your device. Fraud-prevention uses are generally permitted.
Does incognito or private mode stop fingerprinting?
No. Private mode discards cookies and history when the window closes, but your browser reports the same user agent, screen, fonts, canvas, and WebGL data as ever. Run a fingerprint test in both modes and you will see essentially the same identifier.
Can I make my browser completely unfingerprintable?
Not completely - Any browser must reveal something to render pages. The realistic goal is to be unremarkable: Tor Browser makes you identical to thousands of other users, while Brave and hardened Firefox randomise or normalise the high-entropy attributes so your fingerprint stops being stable enough to track.