What Is a Browser Fingerprint and How to Prevent Tracking?

FingerprintJS Fingerprinting

A browser fingerprint refers to a nearly unique identifier created by collecting and combining various pieces of information from your browser and device — such as browser version, operating system, screen resolution, installed fonts, timezone, plugins, and Canvas/WebGL outputs.
This allows websites to recognize or track a device/browser without using cookies.

A fingerprint is not a single data point, but a combination of multiple attributes.
Common fingerprint components include:

  • User-Agent
  • Screen resolution / color depth
  • Timezone, language / locale settings
  • Installed fonts and font rendering differences
  • Enabled plugins / MIME types
  • Canvas / WebGL rendering output (graphics fingerprint)
  • Font metrics and text anti-aliasing differences
  • Audio fingerprinting (via AudioContext)
  • Hardware concurrency / number of CPU cores
  • Preferred table formats, localStorage / sessionStorage support
  • “Do Not Track” setting and cookie availability
  • WebRTC local IP (may reveal local network addresses)

When these attributes are combined, many websites can reliably recognize a returning browser because it presents the same fingerprint.

Characteristics of Browser Fingerprints

  • They persist even if you clear cookies or use private/incognito mode.
  • They are used for cross-site tracking, targeted advertising, anti-fraud systems, and account linking.
  • Hard to defend against: many attributes are passively exposed by the browser or hardware layer.

JA3 / JA4 Fingerprinting

JA3 fingerprinting is a technique used to identify TLS client characteristics.
It analyzes the Client Hello message sent during the TLS handshake and generates a hash-based fingerprint that uniquely represents the client’s implementation.

In other words: every browser, app, or malicious program has a different set of TLS parameters when establishing an HTTPS connection, and these differences create a kind of “network-layer fingerprint.”

How JA3 Works

JA3 extracts and concatenates the following 5 fields:

  1. SSL Version
  2. Cipher Suites
  3. Extensions (TLS extensions)
  4. Elliptic Curves (supported curves)
  5. Elliptic Curve Formats

For example, with fields separated by commas and the values inside a field separated by hyphens, these fields might form the string:
771,4865-4866-4867,0-11-10-35-16,23-24,0

Then the string is hashed using MD5, resulting in a JA3 fingerprint such as:
e7d705a3286e19ea42f587b344ee6865

JA4 is an improved version of JA3 (proposed by Fox-IT / Salesforce, gaining popularity since 2023).
It addresses several JA3 limitations, such as:

  • JA3 is sensitive to field ordering (e.g., changing the order of cipher suites results in a different fingerprint).
  • JA3 only applies to client-side (Client Hello) messages.
  • JA3 cannot easily distinguish between slightly modified implementations.
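
An added example, not part of the original page: it goes one step further than the description above by parsing a TLS ClientHello body, building the five-field JA3 string and hashing it with MD5, and it shows the ordering sensitivity listed above. The input is a constructed ClientHello chosen to reproduce the example string; `build_hello`, `SAMPLE` and `REORDERED` are names made up for this illustration, and dropping GREASE values follows the JA3 reference implementation.

```python
import hashlib
import struct

GREASE = {0x0A0A + 0x1010 * i for i in range(16)}  # RFC 8701 placeholders; JA3 omits them

def u16s(b):
    return [int.from_bytes(b[i:i + 2], "big") for i in range(0, len(b), 2)]

def keep(values):
    return "-".join(str(v) for v in values if v not in GREASE)

def ja3_string(hello: bytes) -> str:  # hello: ClientHello body, record/handshake headers removed
    version, pos = int.from_bytes(hello[:2], "big"), 2 + 32  # pos skips version and random
    def vec(len_size):  # read one length-prefixed vector and advance pos
        nonlocal pos
        n = int.from_bytes(hello[pos:pos + len_size], "big")
        data = hello[pos + len_size:pos + len_size + n]
        if len(data) != n:
            raise ValueError("truncated ClientHello")
        pos += len_size + n
        return data
    vec(1)                                # session id
    ciphers = u16s(vec(2))
    vec(1)                                # compression methods
    exts, curves, formats = [], [], []
    block = vec(2)                        # extensions (empty if the client sent none)
    while len(block) >= 4:
        etype, elen = struct.unpack_from(">HH", block)
        data, block = block[4:4 + elen], block[4 + elen:]
        exts.append(etype)
        if etype == 10:                   # supported_groups: u16 list length, then u16 ids
            curves = u16s(data[2:])
        elif etype == 11:                 # ec_point_formats: u8 list length, then u8 ids
            formats = list(data[1:])
    return ",".join([str(version), keep(ciphers), keep(exts), keep(curves), keep(formats)])

def ja3_hash(hello: bytes) -> str:
    return hashlib.md5(ja3_string(hello).encode()).hexdigest()

def build_hello(ciphers, exts):           # constructs sample input; not a capture
    bodies = {10: b"\x00\x04\x00\x17\x00\x18", 11: b"\x01\x00"}
    block = b"".join(struct.pack(">HH", t, len(bodies.get(t, b""))) + bodies.get(t, b"")
                     for t in exts)
    cs = b"".join(struct.pack(">H", c) for c in ciphers)
    return (b"\x03\x03" + bytes(32) + b"\x00" + struct.pack(">H", len(cs)) + cs
            + b"\x01\x00" + struct.pack(">H", len(block)) + block)

SAMPLE = build_hello([0x2A2A, 4865, 4866, 4867], [0, 11, 10, 35, 16])  # one GREASE suite
REORDERED = build_hello([4867, 4866, 4865], [0, 11, 10, 35, 16])       # same suites, new order
```

`ja3_string(SAMPLE)` returns the example string shown above, while `REORDERED`, which offers the same three cipher suites in a different order, hashes to a different value.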

IP Purity Detection