Glossary

Browser fingerprinting, defined.

Plain-language definitions of fingerprinting terms for developers and security teams. 20 terms published.

Threat

Anti-detect browser

An anti-detect browser is a specialised browser built to forge or randomise the signals that fingerprinting systems read, such as canvas output, GPU renderer strings, and platform metadata, so that each session appears to come from a different, plausible device. Anti-detect browsers are used to create multiple independent identities from a single machine.

Technique

Audio fingerprinting

Audio fingerprinting uses the Web Audio API to process a synthesised signal through the browser's audio stack and measures the tiny floating-point differences in the output caused by the device's DSP implementation, audio driver, and CPU. No audible sound is played; the technique works entirely on in-memory audio buffers.

Threat

Bot detection

Bot detection is the practice of distinguishing automated, non-human web traffic from genuine human visitors by analysing browser environment signals, interaction patterns, and hardware characteristics. It protects applications from credential stuffing, content scraping, inventory hoarding, ad fraud, and other automated abuse.

Core

Browser fingerprinting

Browser fingerprinting is the practice of identifying a web browser by combining many small configuration and capability signals, such as screen size, time zone, installed fonts, and rendering quirks, into a single identifier. No one signal is unique, but the combination is distinctive enough to recognise the same browser across visits without using cookies.

Technique

Canvas fingerprinting

Canvas fingerprinting is a browser-fingerprinting technique that asks the browser to draw text or graphics on an HTML5 canvas, then reads the rendered pixels back and reduces them to a hash. Because GPUs, graphics drivers, fonts, and anti-aliasing differ between devices, the same drawing produces subtly different output, yielding an identifier that distinguishes one browser from another.

Concept

Cookieless identification

Cookieless identification is the practice of recognising a browser or device without writing or reading any persistent browser storage. Instead of a stored identifier, it derives a consistent value from observable characteristics of the browser or device, such as rendering output, hardware properties, or installed capabilities, that are present on every visit.

Concept

Cross-browser fingerprinting

Cross-browser fingerprinting is the practice of recognising a single physical device across multiple browser engines, such as Chrome, Firefox, and Safari, by using only hardware-bound signals that produce the same output regardless of which browser is running. Engine-bound signals like canvas rendering cannot contribute because they change between browser engines.

Concept

Deterministic vs probabilistic matching

Deterministic matching compares two fingerprints by checking whether they are exactly identical, giving a definitive yes or no. Probabilistic matching instead computes a similarity score that accounts for minor signal drift caused by OS updates, browser upgrades, or hardware changes, producing a confidence level rather than a binary result.

Core

Device fingerprint

A device fingerprint is an identifier derived from hardware-bound signals, such as GPU capabilities, platform architecture, and media device configuration, that stays stable across different browsers on the same machine. Unlike a browser fingerprint, which changes when the user switches browsers, a device fingerprint targets the physical device itself.

Core

Device ID

A device ID is a stable identifier assigned to or derived from a specific device, used to recognise that device across sessions and visits. In web contexts where persistent storage may be cleared or unavailable, a fingerprint computed from hardware-bound signals can serve as a cookieless device ID that survives browser resets.

Concept

Fingerprint entropy

Fingerprint entropy measures how much identifying information a signal or set of signals carries, expressed in bits. One bit of entropy halves the pool of possible matches; the more bits a fingerprint accumulates across independent signals, the smaller the fraction of the population that shares that fingerprint, and the more uniquely identifying it becomes.

Technique

Font fingerprinting

Font fingerprinting identifies a device by probing which fonts are installed or how text renders at a metric level. The set of installed fonts is shaped by the operating system, installed applications, and user customisation, making it a distinctive signal that varies across devices even when other browser settings are shared.

Concept

Fuzzy fingerprint matching

Fuzzy fingerprint matching is a similarity-based approach that scores how closely two fingerprints agree, rather than requiring exact equality. It is designed to recognise the same device across visits even when a browser update, OS change, or minor hardware variation has altered a subset of signals since the fingerprint was first collected.

Concept

Hardware vs engine fingerprint

Hardware fingerprint and engine fingerprint are two complementary identifiers derived from different kinds of signals. Engine-bound signals, such as canvas rendering output, vary between browsers on the same device because each engine ships its own pipeline. Hardware-bound signals, such as GPU identity and platform architecture, reflect the physical device and remain consistent across browser engines.

Threat

Headless browser

A headless browser is a web browser that runs without a graphical user interface, driven entirely by code through a programmatic API. Headless browsers are widely used for test automation, web scraping, and rendering pipelines, but they are also common in credential stuffing, bot-driven fraud, and other automated abuse because they can execute JavaScript like a real browser.

Threat

Incognito detection

Incognito detection is the practice of identifying whether a browser session is running in private or incognito mode. Private browsing changes storage behaviour and clears history on exit, so certain API behaviours differ from a normal session in detectable ways, but it does not change hardware signals. The result is informational context, not a direct fraud signal.

Threat

Multi-accounting

Multi-accounting is the practice of one person or device operating multiple accounts on the same platform, in violation of the platform's terms of service. Common motives include claiming welcome bonuses multiple times, amplifying votes or reviews, evading a ban, or scaling up fraud operations beyond the limits imposed on a single account.

Threat

Signal spoofing

Signal spoofing is the deliberate forgery or alteration of browser and device signals to mislead fingerprinting and fraud detection systems. Attackers intercept or override web API responses to return synthetic values that impersonate a different device, browser, or user profile, with the goal of evading identification or minting fresh identities.

Core

Visitor identification

Visitor identification is the practice of recognising a returning user without requiring a login or relying on cookies or other persistent storage. Fingerprinting techniques derive a stable identifier from the browser or device itself, enabling recognition even after cookies are cleared or in private-browsing sessions.

Technique

WebGL fingerprinting

WebGL fingerprinting extracts device-specific information by rendering 3D graphics through the browser's WebGL API and reading back the pixel output, alongside reported GPU parameters such as renderer string and vendor. Differences in GPU hardware, driver versions, and rendering pipelines cause the same scene to produce subtly different results across devices.