Skip to main content

Learn

What is browser fingerprinting?

The tracking method that works across VPNs, incognito windows, and cookie clearing.

The basics

A browser fingerprint is a profile built from ordinary device signals.

Every time a page loads, websites can observe a long list of browser and device attributes. Some are obvious, like screen size or language. Others are lower-level details, like graphics capabilities, audio behavior, TLS negotiation patterns, and the order your browser sends headers.

On their own, most of these values are not unique. Combined, they become highly distinctive. A site can use that combination to recognize the same browser across visits, even if you never sign in and even if traditional tracking tools are blocked.

That is what makes fingerprinting different from cookies. It does not need local storage, explicit consent, or a user account. Commercial products such as FingerprintJS are designed to identify returning browsers with very high confidence, which is why fingerprinting remains useful even after cookies are cleared or a VPN is enabled.

What gets collected

Fingerprinting works because browsers leak signals at every layer.

None of these values needs to be unique on its own. The power comes from the combination, and each guide breaks down one part of that model.

Guide

Canvas fingerprinting

How hidden drawing tests turn rendering quirks into a stable browser identifier.

Read explainer

Guide

WebGL fingerprinting

How graphics APIs expose GPU, driver, and rendering behavior that can help identify a browser.

Read explainer

Guide

Audio fingerprinting

How offline audio processing reveals subtle implementation differences across browsers and devices.

Read explainer

Guide

Navigator properties

How standard browser APIs expose platform, hardware, language, and client identity details by default.

Read explainer

Guide

Screen and viewport fingerprinting

How resolution, pixel ratio, and browser chrome measurements help classify the device and window state.

Read explainer

Guide

Font fingerprinting

How text measurement and glyph rendering reveal installed fonts, software footprints, and environment details.

Read explainer

Guide

Timezone and locale fingerprinting

How language order, timezone, and Intl settings expose regional configuration and easy spoofing mistakes.

Read explainer

Guide

TLS fingerprinting

How the HTTPS handshake itself can identify a client before the page fully loads.

Read explainer

Guide

HTTP header fingerprinting

How request metadata, client hints, and header patterns reveal more than most users expect.

Read explainer

Guide

TCP/IP fingerprinting

How low-level packet defaults and network-stack behavior can classify the client beneath the browser.

Read explainer

Why it matters

Fingerprinting turns ordinary browsing into a durable identity signal.

  • Journalists and researchers

    Fingerprinting can connect research sessions across networks and browsing contexts, making it easier to link sensitive reporting work back to a known professional identity.

  • Legal professionals

    A VPN may hide office IP space, but it does not remove the identifying browser and device signals that can expose repeat research patterns.

  • Everyone else

    Ad-tech and fraud vendors use fingerprinting to rebuild profiles after cookies are cleared, browsers are switched, or private windows are closed.

Why VPNs do not fix it

A VPN changes your network path, not your browser identity.

A VPN can replace your public IP address, which is useful, but the rest of your browser and device profile often remains intact. If the same screen dimensions, header patterns, graphics signals, audio behavior, and network signatures appear before and after the VPN is enabled, the site still has a strong basis for linking those sessions together.

VPNs hide where you are. 404 hides who you are.

See how 404 works

VPN

IP address changes

  • Network location: Masked behind a new exit IP.
  • Browser fingerprint: Mostly unchanged across sessions.
  • Result: Sites can still correlate repeat visits with the same fingerprint.

404

Identity signals are harder to link

  • Network location: Can still be paired with a VPN if you need IP privacy.
  • Browser fingerprint: Key signals are rewritten or normalized across multiple layers.
  • Result: The browser becomes less stable and less useful as an identifier.

How 404 addresses it

404 reduces linkability by changing the signals websites and networks rely on.

The goal is not perfect anonymity. The goal is to make your browser less stable and less useful as a long-term identifier while staying usable on the modern web.

  • TLS layer

    404 replaces the cipher-suite ordering and related handshake characteristics that feed JA3 and JA4 style signatures.

  • HTTP layer

    It rewrites request headers and their ordering so the browser presents a more controlled profile to the server.

  • JavaScript layer

    Canvas, WebGL, audio, and navigator properties are spoofed so high-entropy browser APIs stop reflecting the underlying machine directly.

  • TCP/IP layer

    On supported systems, packet-level operating system signals are normalized with eBPF-based handling to reduce network-layer leakage.

No anti-fingerprinting tool can promise complete protection against every detection method, every site, or every future browser change. If you want to verify the implementation yourself, the code is public.

View on GitHub

Further reading

Resources worth reviewing