Last updated: March 2026 · 8 min read

Most people know that cookies track you online. Many people also know that a VPN can hide their IP address. But there's a third form of online tracking that very few people are aware of — one that persists even if you clear your cookies, use a VPN, browse in incognito mode, or switch browsers. It's called browser fingerprinting, and it's one of the most powerful tracking techniques in widespread use today.

What Is a Browser Fingerprint?

A browser fingerprint is a unique identifier created from a collection of technical details about your browser and device. On their own, each piece of information seems mundane. But combined, they create a profile that is often unique to a single device out of millions.

When you visit a website, your browser reveals a remarkable amount of information automatically:

• Your browser name and version (e.g., Chrome 121)
• Your operating system and version (e.g., Windows 11, macOS Sonoma)
• Your screen resolution and colour depth
• Your timezone and language settings
• The fonts installed on your device
• Your graphics card and its capabilities (via WebGL)
• Whether you have cookies and JavaScript enabled
• Your browser plugins and extensions
• How your device renders specific graphics (canvas fingerprinting)
• Your CPU architecture and number of processor cores
• The amount of RAM your device has

Each of these attributes is individually common. Millions of people use Chrome on Windows. But the specific combination — Chrome 121, Windows 11, 2560×1440 resolution, 12 processor cores, 16GB RAM, UK English, specific font list, specific WebGL renderer — creates a profile that may be completely unique to your device.

How Is This Different from a Cookie?

Cookies work by storing a small file on your computer that identifies you when you return to a site. They're effective, but they have limitations: you can delete them, block them, or refuse them (as GDPR cookie banners invite you to do).

Browser fingerprinting is fundamentally different:

• Nothing is stored on your device. The fingerprint is constructed from information your browser sends automatically, every time.
• You can't delete it. There's nothing to clear.
• It persists across private/incognito mode. Incognito mode doesn't change your hardware or software configuration.
• It persists across different browsers. If you use Chrome and Firefox on the same device, a sufficiently detailed fingerprint can link both to the same machine.
• It survives cookie consent popups. Choosing "Reject All" on a cookie banner doesn't prevent fingerprinting.

What Is Canvas Fingerprinting?

Canvas fingerprinting is one of the most reliable fingerprinting techniques. Here's how it works:

A website runs a hidden piece of JavaScript that draws an invisible image using the browser's HTML5 Canvas API. The image typically contains a specific combination of text, shapes, and gradients. Due to subtle differences in graphics hardware, drivers, operating systems, and fonts, the way each device renders this invisible image differs very slightly — but consistently. The site then hashes this rendering output into a unique identifier.

This technique is particularly difficult to defeat because the differences are baked into hardware and operating system rendering. Even two identical models of laptop will often produce slightly different canvas fingerprints due to differences in driver versions and configuration.

Who Uses Browser Fingerprinting?

Fingerprinting is used by a wide range of organisations:

• Advertising networks: To track users across websites without cookies, building advertising profiles.
• Fraud prevention systems: Banks and payment processors use fingerprinting to detect when a new device is being used with existing credentials.
• Analytics platforms: To count unique visitors more accurately than cookies allow.
• Streaming services: To enforce account sharing limits and regional restrictions.
• Data brokers: To link browsing activity across sites and build comprehensive profiles.

Is Browser Fingerprinting Legal?

In the UK and EU, the legal status of fingerprinting is complicated. Under GDPR and the UK PECR (Privacy and Electronic Communications Regulations), storing identifiers on a user's device requires consent — hence cookie banners. However, fingerprinting doesn't store anything on the device, so it falls into a grey area.

The ICO (Information Commissioner's Office) has stated that fingerprinting for tracking purposes does require a lawful basis under GDPR, and that it cannot be used without user knowledge or a valid legal ground. In practice, enforcement has been limited.

How to Check Your Browser's Fingerprint Exposure

GoIPScan's Browser Privacy Analyzer shows you the key attributes your browser is currently exposing — including screen resolution, hardware information, timezone, language, and WebRTC IP data. While it doesn't provide a full fingerprint hash, it shows you the building blocks that fingerprinting systems use.

How to Reduce Browser Fingerprinting

Completely eliminating fingerprinting is very difficult, but you can meaningfully reduce its effectiveness:

Use a Privacy-Focused Browser

Brave is the most fingerprint-resistant mainstream browser. It randomises canvas fingerprints, blocks third-party trackers by default, and implements fingerprint noise to make your browser appear less unique. Firefox with the right settings is also effective. Both are free.

Use Browser Extensions

• uBlock Origin: Blocks most fingerprinting scripts from running at all.
• Privacy Badger: Learns and blocks invisible trackers.
• Canvas Blocker (Firefox): Specifically targets canvas fingerprinting.

Use Tor Browser

The Tor Browser is specifically designed to make all users look identical — it standardises screen sizes, disables JavaScript by default, and takes many other steps to reduce fingerprint uniqueness. This comes at the cost of convenience and speed.

Reduce Installed Fonts and Plugins

Unusual fonts and plugins make your fingerprint more unique. Keeping a minimal browser installation reduces distinctiveness.

Combine with a VPN

A VPN hides your IP address but doesn't affect fingerprinting directly. However, combining a VPN with anti-fingerprinting measures provides stronger overall privacy — the VPN handles network-level tracking while the browser settings address fingerprinting.

The Limits of Anti-Fingerprinting

It's worth being realistic. If you go out of your way to block fingerprinting — using Tor Browser, disabling JavaScript, randomising canvas — you may actually make yourself more distinctive, because most users don't do any of this. The most effective approach is often to blend into the crowd: use a common browser on a common operating system, and let anti-fingerprinting extensions handle the rest.

Frequently Asked Questions

Does incognito mode prevent fingerprinting?

No. Incognito mode prevents your browser from saving local history and cookies, but it doesn't change your hardware configuration or software versions — the core ingredients of a fingerprint.

Does a VPN prevent fingerprinting?

No. A VPN hides your IP address but has no effect on browser fingerprinting. The fingerprint is constructed from browser and device attributes, not your IP.

Can I see my own browser fingerprint?

Yes. Tools like AmIUnique and Coveryourtracks (by the EFF) will show you your browser fingerprint and tell you how unique it is compared to other visitors to their site. The results can be eye-opening.