Skip to main content

Device Fingerprinting

The ShieldLabs JS snippet uses MixVisit (@mix-visit/lite) to collect browser parameters. Shield.Core derives a stable DeviceID UUID from a subset of these components.

What is collected

Components sent in the encrypted snapshot payload include:

Browser rendering

ParameterHow collected
canvasCanvas 2D geometry, text, and winding test
webgl / webGlBasicsWebGL vendor, renderer, version
audioAudioContext fingerprint (sampleRate, etc.)
fontsAvailable system fonts
fontPreferencesRendered font sizes across font families
clientRectsElement bounding rect measurements

Hardware & display

ParameterSource
screenResolutionScreen dimensions
screenFrameAvailable screen frame offsets
colorDepth, colorGamut, hdrDisplay capabilities
devicePixelRatioVia navigator/screen
hardwareConcurrencyCPU thread count
architectureCPU architecture bits
touchSupportTouch points and events

Browser environment

ParameterSource
navigator / platformPlatform, vendor, languages
timezoneIANA timezone from MixVisit
vendorFlavorsBrowser type flags
intl, mathIntl and Math fingerprint
schedulingScheduler API

Storage & APIs

ParameterChecks
sessionStorage, localStorageStorage API availability
indexedDB, openDatabaseDatabase APIs
cookiesEnabledCookie support flag
batteryAPI, bluetoothAPI, networkAPIOptional APIs

Additional client signals (jsFeatures)

FieldPurpose
webrtcDisabled, webglDisabled, audioDisabledDisabled APIs (headless/antidetect)
isWebdrivernavigator.webdriver
isIncognitoIncognito/private mode heuristics
portScanChromium localhost port scan (antidetect/automation ports)

How DeviceID is computed

Server-side in Shield.Core, stable MixVisit components are serialized and hashed: 
DeviceID = UUIDv5(sorted(component_key:value pairs), ShieldNamespace)
Excluded from derivation (too volatile):
  • speechSynthesisVoices, baseLatency, storageQuota, computedStyleProperties
The result is a UUID string, not a MurmurHash hex digest.

Port scanning (Chromium only)

On Chromium browsers, the snippet dynamically loads portscanner.js and probes localhost ports for antidetect tools (AdsPower, Multilogin, etc.) and automation (CDP port 9222). Firefox/Safari skip port scan — only WebRTC-based signals apply.

What fingerprinting detects

Anti-detect browsers

  1. TCP OS fingerprinting: UA OS vs passive TCP stack (Shield.Tcp) — cannot be faked from JavaScript
  2. Port scan: localhost antidetect/automation ports (+60)
  3. Proxy timing signals: WebRTC TURN routed through proxy

Headless browsers

  • WebRTC disabled → JavaScript disabled (WebRTC) (+90)
  • Missing canvas/WebGL/audio components
  • navigator.webdriver = true
  • No STUN → Stun is not checked (+30)

Privacy

ShieldLabs minimizes PII collection:
  • No name, email, or form data
  • No browsing history URLs (only entryUrl and referrer of the protected page)
  • First-party visitorID cookie for persistent visitor tracking (see Identifiers)
  • UserHID must be a hash you provide — never raw PII