Cross-browser fingerprinting is the practice of recognising a single physical device across multiple browser engines, such as Chrome, Firefox, and Safari, by using only hardware-bound signals that produce the same output regardless of which browser is running. Engine-bound signals like canvas rendering cannot contribute because they change between browser engines.
Standard browser fingerprinting targets one browser: the same machine produces a different canvas hash in Chrome than in Firefox because each engine ships its own rendering pipeline. Cross-browser fingerprinting selects signals that are anchored to the physical hardware rather than the engine, such as GPU identity, platform architecture, and media device configuration, so the fingerprint is stable across browsers.
This distinction matters for fraud detection and visitor identification: a user who switches browsers to evade recognition is still identifiable by hardware-bound signals even though engine-bound signals have changed. Cross-browser device matching closes a common gap in browser-fingerprint-only systems.
In doorman-benny
doorman-benny exposes cross-browser recognition through the `hardwareFingerprint` field, built exclusively from hardware-bound signals so it matches the same device regardless of which browser produced it.
Cross-browser matching without a serverFrequently asked questions
Which signals work for cross-browser fingerprinting?
Signals must be hardware-bound, meaning they reflect physical device characteristics rather than browser-engine behaviour. GPU renderer strings, platform architecture, and certain media device properties qualify; canvas pixel hashes and font rendering metrics typically do not because they vary per engine.
Does cross-browser fingerprinting work across mobile and desktop?
In principle yes, but mobile browsers often restrict hardware APIs more aggressively than desktop browsers. The subset of hardware-bound signals available on mobile is smaller, so cross-browser device matching on mobile has lower confidence than on desktop.
Can a user defeat cross-browser fingerprinting by switching browsers?
Switching browsers changes the engine-bound signals but not the hardware-bound ones. A cross-browser fingerprint built from hardware signals will still match across the switch. Anti-detect browsers attempt to spoof even hardware signals, but inconsistencies between forged values are detectable.
