Device Fingerprinting
Device fingerprinting collects attributes of a user's browser and device (screen resolution, installed fonts, WebGL renderer, etc.) to create a unique identifier, enabling tracking and fraud detection without cookies.
What is Device Fingerprinting?
Device fingerprinting is a technique that identifies a device by collecting a combination of its hardware and software attributes. These attributes include the browser type and version, operating system, screen resolution, timezone, language settings, installed plugins, WebGL renderer, canvas rendering characteristics, and dozens of other signals. When combined, these attributes create a fingerprint that is often unique enough to identify a specific device across sessions, even without cookies.
How Fingerprinting Works
A JavaScript snippet runs in the user's browser and queries various browser APIs to collect attribute values. The collected data is hashed into a compact identifier. Even if individual attributes are common, the combination of all attributes is highly distinctive. Advanced fingerprinting techniques include canvas fingerprinting (rendering invisible graphics and comparing pixel data), AudioContext fingerprinting (measuring audio processing differences), and WebRTC fingerprinting (detecting local IP addresses).
Fingerprinting for Fraud Detection
Device fingerprinting is a powerful tool against multi-accounting, account takeover, and credential stuffing. If the same device fingerprint appears across multiple accounts, it suggests multi-accounting. If an account is suddenly accessed from a completely new fingerprint, it may indicate an ATO attempt. Fingerprinting remains effective even when attackers rotate IPs using backconnect proxies.
Combining Fingerprinting with AntiProxies
Device fingerprinting and IP reputation are complementary defenses. AntiProxies provides the network-layer intelligence (Is this IP a proxy? A VPN? A Tor exit?), while device fingerprinting provides the client-layer intelligence (Is this the same device that was seen yesterday?). Together, they create a robust identity signal that is extremely difficult for attackers to spoof across both layers simultaneously. Explore our bot detection database to see the network-layer signals AntiProxies contributes to this stack.
Related Terms
Mentioned in
- Building a Fraud Prevention Stack: Essential Layers Every Business Needs
- Coupon Abuse and Promo Fraud: The Growing Threat to E-Commerce
- Credential Stuffing: Anatomy of an Attack and How to Stop It
- Device Fingerprinting: How It Works, Where It Fails, and Privacy Concerns
- GDPR-Compliant Bot Protection: What You Need to Know
- Honeypots and Trap Fields: Passive Bot Detection Techniques
- How Fraudsters Use Proxies to Bypass KYC Checks
- ISP Reputation Scoring: A Practical Guide for Security Engineers
- Multi-Accounting: How Fraudsters Exploit Your Platform and How to Stop Them
- Payment Fraud and Bot Attacks: Protecting Your Checkout Flow
- Anonymous Proxy vs VPN vs Tor: Understanding the Differences for Security Teams
- The Rise of AI-Powered Bots: What's Changed in 2026
- What Is IP Reputation and Why It Matters for Fraud Prevention
- Why CAPTCHAs Alone Won't Stop Bots (And What Will)