
Incognito detection

Incognito detection is the practice of identifying whether a browser session is running in private or incognito mode. Private browsing changes storage behaviour and clears history on exit, so certain API behaviours differ from a normal session in detectable ways; it does not change hardware signals. The result is informational context, not a direct fraud signal.

When a browser enters private mode, it restricts or clears various storage mechanisms to prevent session data from persisting. Some implementations also alter how certain storage-related APIs respond, producing measurable differences in capacity limits or error conditions that a script can observe without access to the storage content itself.

Incognito detection provides context about a session's intent rather than evidence of fraud. Many legitimate users prefer private browsing for entirely benign reasons, such as logging into a second account or browsing a sensitive topic privately. Its value in fraud detection comes from combining it with other risk signals: a session that is also headless, from a known proxy, and creating a new account is more suspicious than one that is only in private mode.

In doorman-benny

doorman-benny exposes `incognito.incognitoLikelihood` on the result object (low, medium, or high) as informational context only; the library documents that it should not be used as an input to fraud or spoofing decisions.

Incognito scoring (docs)

Frequently asked questions

Does private mode prevent fingerprinting?

Private mode does not change hardware signals, GPU output, platform characteristics, or most browser capability signals. It primarily affects storage: cookies, local storage, and history are cleared on exit. A fingerprint built from hardware and rendering signals remains stable in private mode.

Should I block users in incognito mode?

No. Most users who browse privately have legitimate reasons. Incognito detection is a contextual signal that slightly elevates risk in combination with other factors, not a basis for outright blocking. Treating private browsing as inherently suspicious would create significant friction for ordinary users.

How accurate is incognito detection?

Accuracy varies by browser and version. Some browsers patch the APIs used for incognito detection, reducing reliability. A robust implementation monitors multiple independent API behaviours so that changes in one do not eliminate detection entirely. The result should be treated as a probability, not a certainty.
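
One way to combine several independent probes into a low, medium or high likelihood, as the answer above describes. This is an added example, not doorman-benny's code; the probe names, the weights and the quota cut-off are assumptions chosen for illustration, and the sample inputs are constructed.

```javascript
// Added example: thresholds, weights and probe names are assumptions.
const QUOTA_CAP_BYTES = 200 * 1024 * 1024; // assumed cut-off, not a browser constant

// Capacity probe: interpret a { quota } object such as the one
// navigator.storage.estimate() resolves to in a browser.
function quotaProbe(estimate) {
  if (!estimate || typeof estimate.quota !== 'number') return 'unavailable';
  return estimate.quota < QUOTA_CAP_BYTES ? 'private' : 'normal';
}

// Error-condition probe: interpret the recorded outcome of opening a storage
// API. outcome is { supported: boolean, threw: boolean }, filled in by the caller.
function errorProbe(outcome) {
  if (!outcome || !outcome.supported) return 'unavailable';
  return outcome.threw ? 'private' : 'normal';
}

// Combine independent probes. A probe that is unavailable (patched or
// unsupported) is dropped instead of being counted as "normal", and a single
// surviving probe can never produce "high" on its own.
function incognitoLikelihood(probes) {
  const answered = probes.filter((p) => p.verdict !== 'unavailable');
  if (answered.length === 0) return { likelihood: 'low', score: 0, answered: 0 };
  const total = answered.reduce((sum, p) => sum + p.weight, 0);
  const hit = answered
    .filter((p) => p.verdict === 'private')
    .reduce((sum, p) => sum + p.weight, 0);
  const score = hit / total;
  let likelihood = score >= 0.75 ? 'high' : score >= 0.4 ? 'medium' : 'low';
  if (likelihood === 'high' && answered.length < 2) likelihood = 'medium';
  return { likelihood, score, answered: answered.length };
}

// Score one session from the two constructed probe inputs.
function sample(estimate, outcome) {
  return incognitoLikelihood([
    { name: 'quota', weight: 2, verdict: quotaProbe(estimate) },
    { name: 'storage-error', weight: 1, verdict: errorProbe(outcome) },
  ]);
}
```
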