Choose: Simple Style

/Tracking/Fingerprinting/Overview/

  • $ fingerprint@browserize:~ run welcome-message

    You're welcome to test fingerprinting methods

    Pick one from the list below or search for one...


  • $ fingerprint@browserize:~ |
× For example, you could search for active, passive or consistent ...


What is this site about?

║▌║▌│█║▌║│█│█║║║▌│║▌║▌║▌

Raising awareness for the privacy-sensitive topic Browser Fingerprinting is the goal of this website.
Below you can find a comprehensive list of specific fingerprinting techniques, including:

  • Explanations for each fingerprinting technique in detail,
  • Demonstration of each fingerprinting technique,
  • Fingerprinting taxonomy information (like fingerprint type and categories).
This website aims to focus on each fingerprinting technique in detail. It also presents the information and demonstrations in a way that is easy to understand, rather than giving a broad undescribed overview. Thus, the structure of this website is kept simple and each fingerprinting technique has its own subpage. There is no flooding of fingerprinting information on only one massive-to-scroll page.



Master's Thesis Evaluation

║▌║▌│█║▌║│█│█║║║▌│║▌║▌║▌

Interested in participation? You can find more details here.



Privacy Info

║▌║▌│█║▌║│█│

This website does not track you. This website is free from Third-Party Tracking websites. By accessing one of the fingerprinting links below, you agree that this website is allowed to fingerprint your browser, but only for the purpose of demonstration. You do not agree tracking for any purpose other than demonstration.

Here is a list of information temporarily safed server-side (to perform a specific fingerprinting demo):


Here is a list of information transmitted or extracted to or from your browser:
  • Order of the following six request headers [Header Signature Demo]
    • accept
    • accept-encoding
    • accept-language
    • connection
    • host
    • user-agent
  • The following headers if set [Header Signature Demo]
    • DNT
    • Referer
    • User Agent
    • Accept Charset
    • Cache Control
    • Cookie
    • Upgrade Insecure Requests
  • Firefox specific: extensive file check [chrome://-Detect Demo]
    • 1220 local client image files (based on the client's Firefox version)
    • 482 local client JavaScript files (based on the client's Firefox version)
    • 213 local client CSS files (based on the client's Firefox version)
  • PHP default session [CSS Font Fingerprinting Demo]

Here is a list of information generated locally in your browser:
  • Support rate of 298 distinct browser capability tests (e.g. Emoji support) [Feature Detection Demo]
  • Support rate of 2100 distinct browser CSS capability tests (e.g. Animation delay support) [CSS Fingerprinting Demo]
  • Result of the following WebRTC feature tests [WebRTC Fingerprinting Demo]
    • Number of speakers + unique device IDs (based on settings)
    • Number of Microphones + unique device IDs (based on settings)
    • Number of Webcams + unique device IDs (based on settings)
    • Permission test for microphone/webcam devices (based on user choice/browser)
    • Browser allows getUserMedia
    • Test to change ouput audio devices
    • Test to change camera resolutions
    • WebRTC (1.0/1.1) support test
    • ORTC support test
    • Test to replace tracks without renegotiating peers
    • Test to record remote audio or process remote audio stream in WebAudio API
    • WebSocket support tests
    • SCTP/RTP Data Channels support tests
    • Screen Capturing API support tests (video/canvas)
    • Multi-monitor selection/capturing support test
  • Result of 13 Math Routines (e.g. Math.tan(-1e308)) [Math Routines Fingerprinting Demo]
  • Battery Status API live readouts [Battery Status API Fingerprinting Demo]
    • Your system's battery charging status
    • Your system's battery charging level
    • The remaining time in seconds until your system's battery is fully charged
    • The remaining time in seconds until your system's battery is completely discharged
  • Output of the Error Object in 7 test cases [Error Message Fingerprinting Demo]
    • Error message string
    • Filename (if browser supports it)
    • Line number (if browser supports it)
    • Column number (if browser supports it)
    • Full error stack output (if browser supports it)
  • Audio signal transformation characteristics [AudioContext Fingerprinting Demo]
  • Software installed on your system during font check [Canvas Font Fingerprinting Demo]
      Exemplary software check for:
    • Microsoft Office
    • Open Office
    • TeamViewer (including its version)
    • Adobe Creative Studio (Pro)*
    • Adobe Creative Suite (CS6)*
    • Adobe InDesign (CS6)*
    • Adobe Illustrator (CS5)*
    • Droid Fonts installed
    • Using Ubuntu*
    • Using Android*
    • Using Apple products*
    • *Adobe/Android/Apple/Ubuntu application tests are non-exhaustive and may lead to false-positives
  • More than 300 WebGLRenderingContext properties (depending on your browser) [WebGL Fingerprinting Demo]
      Including these two properties:
    • WebGL Unmasked Vendor
    • WebGL Unmasked Renderer (your graphics card name + Direct3D support)
  • A maximum of 5 browser history entries [Visit History Fingerprinting Demo]
    • The Visit History Test Page
    • The Visit History Test Page with an anchor
    • https://www.google.com*
    • https://www.google.com/search?source=visit-history-test&q=click+here+to+add+this+url+to+your+search+history*
    • https://bugzilla.mozilla.org*
    • *Only if you click on these links yourself or visited them before
  • All available DOMRect properties of 10 different invocations of getClientRects [getClientRects Fingerprinting Demo]
      This includes the attributes listed below as well as a hash of each invocation:
    • DOMRect.bottom
    • DOMRect.height
    • DOMRect.left
    • DOMRect.right
    • DOMRect.width
    • DOMRect.x (depends on browser implementation)
    • DOMRect.y (depends on browser implementation)
  • 50+ test cases combined in a fingerprinting suite [JSEcho Demo]
      The following test cases are performed:
    • Window properties dump (1000+ properties, exact number depends on the browser)
    • DevicePixelRatio/ScreenColorDepth/ScreenPixelDepth values
    • 3 color gamut tests
    • Window.crypto.subtle properties dump (if available)
    • Window.performance properties dump (if available)
    • Navigator properties dump
    • Plugin Enumeration (including description, filename and MIME types)
    • AppCodeName/AppName/AppVersion/BuildID values (if available)
    • Connection Info, Network Information API (if available)
    • Cookie enabled/Java enabled
    • CredentialsContainer Interface properties (if available)
    • Device Memory/Hardware Concurrency values (if available)
    • Geolocation/Keyboard/Locks properties dump (if available)
    • Language/Languages/MaxTouchPoints/CPU Info (if available)
    • Platform/Product/ProductSub/Vendor/VendorSub (if available)
    • WebVR Support Test
    • Vendor specific Fullscreen Support Test
    • Web Speech Recognition/Synthesis Support Test
    • JavaScript Version Support Tests
    • Text-to-Speech (TTS) engines installed in your system (if available)
    • ServiceWorkerContainer properties dump (if available)
    • Time readouts (timezone offset in minutes/time format/exact string)
    • Intl.DateTimeFormat properties dump (if available)
    • System Colors readout (if available)
    • Memory Info readout (if available)
    • Progress/Meter/Button/Div HMTL Element dump
    • Style dump
    • JS Storages dumps: SessionStorage/LocalStorage/IndexedDB/OpenDatabase (if available)
    • Scrollbar Thickness (Screen/Window size, Zoom level, derived Operating System information)
    • SVGText Length (if available)
    • DRM support tests: EME, RMKSA and 34 SupportedMediaSources results
    • 2 fake adblock tests
    • Banned ports test (ports: 8118, 8123, 9050, 9051, 9060, 9061)
  • Support test results of 797 MIME types (e.g. video/mp4; codecs="avc1.42001f") [canPlayType Fingerprinting Demo]
  • All available DOMRect properties of 12 different MathML notations (e.g. Quadratic Formula) [MathML Fingerprinting Demo]
      This includes the attributes listed below as well as a hash of each invocation:
    • DOMRect.bottom
    • DOMRect.height
    • DOMRect.left
    • DOMRect.right
    • DOMRect.width
    • DOMRect.x (depends on browser implementation)
    • DOMRect.y (depends on browser implementation)
  • All available DOMRect properties of 2575 unicode emojis (e.g. ❤ [heart-emoji]) [Emoji Demo]
      This includes the attributes listed below as well as a hash of each invocation:
    • DOMRect.bottom
    • DOMRect.height
    • DOMRect.left
    • DOMRect.right
    • DOMRect.width
    • DOMRect.x (depends on browser implementation)
    • DOMRect.y (depends on browser implementation)

By using the following tests, the following ThirdParty requests (e.g. CDN) are made:
  • https://cdn.polyfill.io/ (blissfuljs Polyfill) [CSS Fingerprinting Demo]
  • https://cdn.webrtc-experiment.com (Code syntax highlighting for info boxes) [WebRTC Fingerprinting Demo]
  • STUN request to stun.services.mozilla.com and stun.l.google.com [WebRTC Fingerprinting Demo]
    • Your local IP addresses (also local VPN IP address)
    • Your public/IPv6 IP addresses
  • WebSocket ping to wss://echo.websocket.org:443 [WebRTC Fingerprinting Demo]
  • Check of the following local (network) resources [STAR-Echo Fingerprinting Demo]
    • Your router is available via 192.168.178.1 [http://192.168.178.1/favicon.ico]
    • Your router is: FRITZ!Box [http://192.168.178.1/css/default/images/kopfbalken_links.png]
    • Your FRITZ!Box has NAS support [http://192.168.178.1/nas/css/icons/icon_folder_add.svg]
    • Your FRITZ!Box has NAS support on FRITZ!OS 06.30* < FRITZ!OS 07.01 [http://192.168.178.1/nas/css/default/images/icon_ansicht_kacheln.png]
    • Your FRITZ!Box has MESH support (FRITZ!OS > 07.01) [http://192.168.178.1/css/rd/images/device_generic.svg]
    • You have FRITZ!Box 7360 [http://192.168.178.1/css/default/images/kopfbalken_mitte.gif *different size]
    • You have FRITZ!Box 7272 [http://192.168.178.1/css/default/images/kopfbalken_mitte.gif *different size]
    • You have FRITZ!Box 7170 [http://192.168.178.1/css/default/images/kopfbalken_mitte.gif *different size]
    • You have FRITZ!Box Fon WLAN [http://192.168.178.1/html/de/images/fw_header.gif]
    • You are running XAMPP with default configuration [http://localhost/dashboard/images/favicon.png]
    • You are running a server on localhost [http://localhost/favicon.ico]
    • You are running a server and VirtualBox Host-Only Network is enabled [http://192.168.56.1/favicon.ico]
    • SABnzbd is running on port 8080 [http://127.0.0.1:8080/sabnzbd/staticcfg/ico/favicon.ico]
    • SABnzbd is running on port 8082 [http://127.0.0.1:8082/sabnzbd/staticcfg/ico/favicon.ico]
    • NZBGet is running on port 6789 [http://127.0.0.1:6789/img/favicon.ico]
    • MPC-HC/BE WebServer is running on port 13579 [http://localhost:13579/favicon.png]
    • Plex is running on port 32400 [http://localhost:32400/web/favicon.ico]
    • Emby is running on port 8096 [http://localhost:8096/web/favicon.ico]
    • Subsonic is running on port 4040 [http://localhost:4040/icons/favicon.png]
    • Openfire (XMPP) is running on port 9090 [http://localhost:9090/images/login_logo.gif]
    • You are connected to a Vodafone-Hotspot [http://10.175.177.131/bayern/img/favicon.png]
    • You are connected to a SWM-Hotspot [http://172.16.93.100/119/portal/resources/_images/bg_body.jpg]
    • You are connected to MWN [https://tools.rz.ifi.lmu.de/cipconf/html/lmu.png]





What is Fingerprinting (FP)?

║▌║▌│█║▌║│█│█║║║▌│║▌║▌║║█║│║

Browser Fingerprinting is an analogy to the biological fingerprint, which is unique and can therefore be used as an identification marker. The digital fingerprint derived from browser characteristics is, in general, not nearly as strong as the biological one. But taking into account that tracking websites do not need to distinguish between all internet users (only actual visitors) or single out individuals, and it is sufficient to determine target groups, browser fingerprinting represents an alternative to cookies and therefore acts as a browser identification mechanism.

There are two main types of fingerprinting: active and passive fingerprinting.
Active fingerprinting is performed locally on the client-side in the browser, typically via JavaScript.
Passive fingerprinting completely runs server-side and is therefore possible without any client-side code execution.
JavaScript code used on sites with passive fingerprinting demonstrations is only used to display the server-side processed data.












Fingerprinting: Collection

║▌║▌│█║▌║│█│█║║║▌│║▌║▌║█║▌

Did you read the privacy info?


Fingerprinting methods based on Flash are considered outdated. While older browsers are vulnerable to Flash Fingerprinting (which makes them more unique), recent browsers abandoned Flash support and rely on HTML5, WebGL and other built-in APIs. The same applies for Java, Silverlight and similar plugins.