Original feature purpose:
The method getClientRects of a DOM element
returns DOMRect objects which reveal bounding rectangles of CSS border boxes. A DOMRect object comprises the height, width, left, right, top, bottom and, depending on the browser,
the x and y values of the element.
For more details see, e.g., MDN web docs
The DOMRect information of a specific DOM element is available by default and can be read out without any privileges.
The values are provided with an accuracy of up to 16 decimal places or special values in edge cases.
For example, values generated through scale operations with large scale factors like
transform: scale(100000000000000000000009999999999999.99, 1.89)
will result in various different outputs:
A Firefox version:
A Chrome version:
An Internet Explorer Version:
The getClientRects fingerprint is hashed information from multiple DOMRect objects,
where each object represents a different scenario, such as (vendor specific) transformations,
caption tests and translations (with hardware acceleration; GPU instead of CPU).
Demo: >> Jump to getClientRects Fingerprinting Demo <<
js, js-attrib, software-dependent, consistent
The method getClientRects
is supported by almost all browsers and the browser settings do not allow to change readout permissions or accuracies.
The best solution (for the future) should be an internal browser feature, which limits the fingerprinting surface of the DOMRect object,
which all browser vendors agree to implement in the same way.
But this would be a non-trivial task, because there need to be considered many browser-specific dependencies. And old browser versions will remain unprotected.
Browser Addons, which block or spoof DOMRect objects should be used with causion, because these may not reduce your DOMRect fingerprintability,
but make you more unique (in combination with other fingerprinting techniques) instead. For instance, a Firefox browser spoofing Chrome values or fake values,
which will not be reproduced by any other real browser. This would also lead to layout or feature errors, if websites rely on DOMRect information for their website design or other features.