Canvas fingerprint

Canvas fingerprint test — what your GPU tells trackers

A canvas fingerprint is one of the strongest signals in any browser fingerprint test. Trackers render hidden text and shapes to a hidden canvas, read the pixels back, and hash the result — the tiny rendering differences between every device's GPU + font stack make the hash unique to your machine.

Live test

This card runs only the canvas fingerprint probe. To run all six fingerprint surfaces at once, use the full browser fingerprint test.

Canvas fingerprint

measuring…

Trackers render hidden text + shapes to a canvas, read the pixels back, and hash them. Tiny GPU/font rendering differences make every browser unique.

What is a canvas fingerprint?

A canvas fingerprint is a hash computed from a hidden HTML5 <canvas> element after the page draws specific text and graphics into it. Two browsers running on identical software but different hardware (GPU model, GPU driver version, anti-aliasing settings, installed fonts) produce slightly different pixel output. The hash of those pixels typically encodes 8–14 bits of entropy — enough to identify roughly one in ten thousand visitors.

Canvas fingerprinting was first documented in 2012, became widespread by 2014, and is now standard equipment in every commercial fingerprinting library — FingerprintJS, ThreatMetrix, IPQS, fingerprint.com — and in every major bot-detection stack.

How the canvas test works

When you opened this page, the test created a 240×60 canvas, drew the string Cwm fjord bank glyphs vext quiz in two fonts and three colors, then called canvas.toDataURL() to read the pixels back as a base-64 PNG. The hash above is computed from the entire byte stream of that image.

Reload the page. The hash will be identical — that's what makes canvas fingerprinting useful for tracking. Now visit a different machine with a different GPU; the hash will differ. Trackers store this hash and check for it on every site that includes their script.

How to block canvas fingerprinting

You can't disable the canvas API without breaking most modern websites. The defense is to add tiny per-pixel noise to toDataURL() output so the hash differs every page load. Done well, the noise is invisible to humans but completely changes the hash. Done badly, it's detectable as "noise was applied" and tracker stacks flag the visitor as a bot — worse than no defense.

Browser Leaks Fingerprint Shield applies seeded noise to canvas reads in the free tier, with the noise function disguised as a native browser method to defeat the standard toString() detection check. Install it, refresh this page, and watch the canvas hash above change.

FAQ

Canvas fingerprint questions

Does my canvas fingerprint change between sessions?

No. Without an anti-fingerprinting extension, the same browser on the same device produces the same canvas hash on every reload, in every browser tab, for years. That stability is exactly why trackers use it.

Does incognito mode change my canvas fingerprint?

No. Incognito mode only clears cookies and history. Your canvas hash in incognito is identical to your canvas hash in a normal window.

Why does my canvas test hash differ from someone else on the same browser version?

Two reasons: (1) GPU + GPU driver differences cause the pixel output to vary even between identical OS + Chrome versions, and (2) installed font lists differ between users, which affects how Arial, Helvetica, and other fallback fonts actually render.

Can a website tell I am blocking canvas fingerprinting?

Only if the spoofing extension is unsophisticated. Naive blockers replace toDataURL with a function whose .toString() doesn't return native code — a 5-line check defeats them. Browser Leaks Fingerprint Shield disguises every patched method to return native-code strings, so detection is much harder.

Run the full browser fingerprint test.

See your composite hash across all six surfaces — canvas, WebGL, audio, WebRTC, Client Hints, and User-Agent — in one click.

Open the browser fingerprint test →