Device Fingerprinting
The ShieldLabs JS snippet collects over 30 browser parameters to build a device fingerprint. The fingerprint is hashed into aDeviceID and used to detect multi-accounting, detect anti-detect browsers, and identify returning devices.
What is collected
Browser rendering
| Parameter | How collected |
|---|---|
canvas | Canvas 2D geometry, text, and winding test |
webGlBasics | WebGL vendor, renderer string, version |
webGlExtensions | List of supported WebGL extensions |
audio | OfflineAudioContext fingerprint |
fonts | Available system fonts (via CSS measurement) |
fontPreferences | Rendered font sizes across font families |
Hardware & display
| Parameter | Source |
|---|---|
screenResolution | screen.width × screen.height |
screenFrame | screen.availTop/Right/Bottom/Left |
colorDepth | screen.colorDepth |
colorGamut | rec2020 / p3 / srgb |
deviceMemory | navigator.deviceMemory |
hardwareConcurrency | navigator.hardwareConcurrency (CPU threads) |
architecture | CPU architecture bits |
Browser environment
| Parameter | Source |
|---|---|
platform | navigator.platform |
vendor | navigator.vendor |
vendorFlavors | Browser type flags (chrome, safari, etc.) |
plugins | navigator.plugins |
languages | navigator.languages |
timezone | Intl.DateTimeFormat().resolvedOptions().timeZone |
cpuClass | navigator.cpuClass (IE legacy) |
osCpu | navigator.oscpu |
Storage & APIs
| Parameter | Checks |
|---|---|
sessionStorage | window.sessionStorage available |
localStorage | window.localStorage available |
indexedDB | window.indexedDB available |
openDatabase | WebSQL available |
cookiesEnabled | navigator.cookieEnabled |
pdfViewerEnabled | PDF viewer plugin |
Media & accessibility
| Parameter | Checks |
|---|---|
touchSupport | maxTouchPoints, touch events |
invertedColors | prefers-color-scheme: inverted |
forcedColors | Forced colors mode active |
monochrome | Monochrome display bits |
contrast | prefers-contrast |
reducedMotion | prefers-reduced-motion |
reducedTransparency | prefers-reduced-transparency |
hdr | HDR display support |
applePay | Apple Pay API available |
audioBaseLatency | AudioContext.baseLatency |
How DeviceID is computed
All collected parameters are serialized into a stable string and hashed:What fingerprinting detects
Anti-detect browsers
Anti-detect browsers (Multilogin, AdsPower, Incogniton, etc.) randomize canvas, WebGL, and UA parameters to avoid fingerprinting. ShieldLabs catches these by:- TCP OS fingerprinting: the OS reported by the User-Agent is compared against the TCP stack fingerprint (TTL, MSS, window size). You cannot fake the TCP stack — only the OS kernel controls it.
- WebGL entropy: heavily randomized WebGL parameters have characteristic entropy signatures.
- Missing APIs: anti-detect profiles often have inconsistent plugin/API availability.
Headless browsers
Puppeteer, Playwright, and other headless browsers expose themselves through:- No canvas/WebGL renderer (or generic strings like
SwiftShader) - Missing audio context support
- No system fonts
navigator.webdriver = true(easily detected)- Missing STUN/ICE support →
Stun is not checkedsignal
Privacy browsers
Brave, Firefox with anti-fingerprinting, and Safari ITP:- Generate lower but non-zero DeviceIDs (fingerprinting is partially blocked)
- Typically don’t trigger OS mismatch signals (real OS is preserved)
- Score lower than anti-detect browsers
Privacy
ShieldLabs does not collect PII. The following data is explicitly excluded:- No raw IP (only sent server-side from TCP layer)
- No email, name, or user data
- No cookies
- No browsing history
UserHID you pass must be a hash of your user’s identifier, not the raw value.