Fingerprint

Fingerprint

Fingerprint scripts collect browser attributes, hardware signals, and network data to generate a stable visitor identifier. The identifier supports fraud prevention, bot detection, account security, and visitor analytics without relying solely on cookies or local storage.

Back to Vendor Library

Overview

Fingerprint (formerly FingerprintJS Pro) is a browser identification service that generates a highly stable visitor identifier by collecting and hashing dozens of browser and hardware attributes. The resulting identifier persists across cookie clears and private browsing sessions, making it more durable than cookie-based tracking. Fingerprint is deployed across use cases ranging from fraud prevention and bot detection to analytics and account security.

What This Script Does

The Fingerprint Pro script (fpjscdn.net or a proxied first-party domain) collects the following signal categories to construct a visitor identifier:

Browser signals:

  • User agent, browser version, installed plugins, and MIME types
  • Canvas fingerprint (pixel-level rendering of a test canvas element)
  • WebGL renderer and vendor strings
  • Audio context fingerprint (AudioContext API signal processing output)
  • Font enumeration and rendering characteristics

Hardware signals:

  • Screen resolution, color depth, and device pixel ratio
  • Hardware concurrency (CPU core count)
  • Device memory size

Network signals:

  • IP address (processed server-side)
  • Timezone and language settings

The collected signals are transmitted to Fingerprint's servers (api.fpjs.io or a configured first-party proxy) and processed to produce a visitorId — a stable identifier returned to the implementing site. The visitorId can be stored in cookies, localStorage, or server-side session state by the implementing application.

Consent & Compliance

Fingerprint carries mixed consent categories: analytics and essential, depending on deployment purpose.

Under GDPR and ePrivacy, the consent requirement depends on how Fingerprint is used. For fraud prevention and account security (blocking credential stuffing, preventing payment fraud), processing can be justified under legitimate interest or contractual necessity — the essential use case. For visitor analytics, behavioral tracking, or ad attribution use cases, explicit opt-in consent is required before the script loads, as the identifier constitutes personal data processed for non-essential purposes.

Under CCPA, the visitorId constitutes a unique persistent identifier qualifying as personal information. The use case determines the appropriate CCPA framework (service provider vs. business in its own right).

Should You Block This Without Consent?

Conditional. If Fingerprint is used exclusively for fraud prevention, bot detection, or account security — and the visitorId is not shared with analytics or advertising platforms — it can be treated as essential and loaded without prior consent. If it is used for visitor analytics, session stitching across cookie clears, or ad attribution, block it until analytics consent is obtained. Document the purpose of use and the legal basis in your privacy notice.

Visit website

Consent Categories

Analytics
Essential

Also Known As

fingerprint jsfingerprintjsbrowser fingerprintingdevice fingerprint trackingfingerprint probot detection fingerprintvisitor identification

Industries

Programming and Developer SoftwareComputers Electronics and Technology

Tracked Domains (1)

fingerprint.comAnalytics

Frequently Asked Questions

Is consent required for Fingerprint on my website?

It depends on your use case. For fraud prevention and bot detection, Fingerprint may be treated as essential under legitimate interest. For visitor analytics, session stitching, or ad attribution, explicit opt-in consent is required under GDPR and ePrivacy before the script loads.

What browser data does Fingerprint collect?

Fingerprint collects dozens of signals including canvas rendering output, WebGL renderer strings, audio context fingerprints, installed fonts, screen resolution, device memory, CPU core count, and timezone. These are hashed server-side to produce a stable visitor identifier that persists across cookie clears and private browsing.

How does ConsentStack handle Fingerprint's dual purpose?

ConsentStack recognizes Fingerprint as both analytics and essential. Operators can configure whether it is treated as essential for fraud prevention (loaded without consent) or analytics for visitor tracking (blocked until consent). ConsentStack adapts its blocking behavior based on the documented deployment purpose.

Related Vendors

Google
Google
Google is the dominant provider of web analytics, advertising, and infrastructure tools. Scripts like Google Analytics, Tag Manager, Ads, and reCAPTCHA collect behavioral data, manage tag firing, serve targeted ads, and detect bots. Sets persistent cookies to track users and correlate activity across sites.
Google Analytics
Google Analytics
Google Analytics is the world's most widely deployed web analytics platform. Scripts track page views, sessions, user demographics, traffic sources, and conversion events. Drops cookies to identify returning visitors and attribute user journeys across sessions.
Firebase
Firebase
Firebase is Google's mobile and web application development platform offering authentication, real-time database, cloud functions, and analytics. Web SDK scripts initialize Firebase services and may track app events via Firebase Analytics, which is powered by Google Analytics 4. Widely used in single-page apps and PWAs for backend infrastructure and usage tracking.
Microsoft
Microsoft
Runs Clarity (session recording and heatmaps), the Microsoft Advertising UET tag (conversion tracking), and Bing's remarketing pixel. Clarity injects a recording script that captures mouse movements, clicks, and rage clicks. The UET tag fires conversion events to tie ad clicks to on-site actions across Microsoft's ad network.
Microsoft Dynamics 365
Microsoft Dynamics 365
Microsoft Dynamics 365 is a suite of CRM and ERP applications that integrates with websites through tracking scripts and embedded forms. Web tracking code captures visitor behavior, page views, and form submissions to build customer profiles and score leads. Sets cookies to identify returning visitors and attribute marketing touchpoints across sessions.
LinkedIn Insight Tag
LinkedIn Insight Tag
LinkedIn Insight Tag is a JavaScript tracking pixel for LinkedIn's advertising and analytics platform. The tag fires on every page view to collect URL, referrer, IP address, and device data for conversion tracking, website demographics reporting, and retargeting audience building. Sets cookies to identify LinkedIn members across advertiser websites.

Manage consent for Fingerprint

ConsentStack automatically detects and manages Fingerprint trackers so your site stays compliant with global privacy regulations.

Get started