What Is Browser Fingerprinting? Tracking Without Cookies
Browser fingerprinting is a tracking technique that identifies you by collecting and combining unique attributes of your web browser and device, such as screen resolution, installed fonts, timezone, language settings, GPU model, audio rendering characteristics, and dozens of other data points. Unlike cookies, which can be deleted, browser fingerprints are nearly impossible to avoid because they’re derived from how your browser naturally functions. A website doesn’t need to store anything on your device; it just reads the configuration information your browser already provides.
How It Works
Every time you visit a website, your browser reveals information about itself through JavaScript APIs and HTTP headers. Individually, each piece of data is unremarkable. But combined, they create a unique profile:
- Screen resolution and color depth: 1920x1080 at 24-bit? Common. 2560x1440 at 30-bit? Less common.
- Installed fonts: Your specific combination of 300 to 500 fonts is nearly unique
- Browser plugins: Which extensions are installed and their versions
- Timezone and language:
America/Chicagowithen-US? One combination of hundreds - GPU/WebGL: Canvas rendering produces slightly different results on different hardware
- Audio fingerprinting: The Web Audio API processes audio signals differently across hardware
- User-Agent string: Browser name, version, and OS
- HTTP headers: Accept, Accept-Language, Accept-Encoding order
- Touch support, device pixel ratio, hardware concurrency (CPU cores): More signals
A fingerprinting script combines all these into a hash. If that hash matches across sessions, searches, and even different IPs, the tracker knows it’s the same browser.
Why It Matters
Cookie-based tracking is dying. GDPR consent requirements, browser cookie restrictions (Safari’s ITP, Firefox ETP), and growing ad blocker usage have made cookies unreliable for trackers. Browser fingerprinting fills that gap.
Unlike cookies, fingerprints:
- Can’t be deleted by clearing browser data
- Don’t require consent to compute (no cookies to warn about)
- Work across private/incognito mode (your hardware and configuration don’t change)
- Survive browser restarts, cache clearing, and even VPN connections
Major advertising networks, fraud detection services, and analytics platforms use fingerprinting, often alongside cookies for redundancy.
Defense Strategies
Tor Browser: The most effective defense. All Tor Browser instances present identical fingerprints, making individual users indistinguishable from each other.
Brave Browser: Includes anti-fingerprinting features that randomize certain attributes, making your fingerprint inconsistent across sessions.
Firefox with resist fingerprinting: Set privacy.resistFingerprinting = true in about:config. This normalizes many fingerprinting signals but may break some websites.
Browser extensions: Privacy Badger, uBlock Origin (with advanced settings), and CanvasBlocker can limit fingerprinting information.
Multiple browsers: Use different browsers for different activities so your fingerprint isn’t consistent.
The uncomfortable truth: complete fingerprinting prevention is hard without significant usability tradeoffs. The best practical approach is using a combination of anti-fingerprinting browsers, extensions, and minimizing JavaScript execution on untrusted sites.
Test It Yourself
Check Your Digital Footprint
See what information your browser reveals about you, including your IP, user agent, and more.