Canvas Fingerprint Test

Trackers identify you without cookies by asking your browser to draw an invisible image and hashing the result. See exactly what that image and hash look like for your browser.

Canvas 2D render

The image above is rendered fresh each visit using the same instructions across every browser. Subtle differences in font rendering, emoji glyphs, and GPU compositing produce a different pixel output — and therefore a different hash — on nearly every device.

Fingerprints

Canvas 2D hash
computing…
SHA-256 of canvas.toDataURL() output
WebGL hash
computing…
SHA-256 of VERSION + GLSL + vendor + renderer + extensions
WebGL vendor
WebGL renderer
Unmasked GPU vendor
blocked
Requires WEBGL_debug_renderer_info; blocked by Firefox RFP and Safari
Unmasked GPU renderer
blocked
The exact GPU model string — a very strong fingerprint when exposed

How canvas fingerprinting works

A tracker's script creates an off-screen <canvas>, draws text and shapes with a specific recipe, and then calls canvas.toDataURL() to get the rendered bytes. Because the final pixels depend on your font files, anti-aliasing algorithm, emoji set, GPU, and driver version, the output differs between devices in ways a user never sees. Hashing it produces a stable identifier that persists across sessions.

WebGL fingerprinting is even more precise: the GPU vendor, renderer, shading language version, and supported extensions are all exposed to JavaScript. On unmodified browsers the exact GPU model string (for example "Apple M2 Pro") is returned, which alone can narrow you to a few thousand devices.

How to defeat canvas fingerprinting

Firefox — open about:config and set privacy.resistFingerprinting to true. Canvas and WebGL return constant, fake pixel output.
Tor Browser — ships with resistFingerprinting enabled and prompts before allowing canvas readback.
Brave — randomizes canvas output per-session so hashes cannot be correlated across visits.
Safari — Intelligent Tracking Prevention restricts canvas readback from third parties.
Chrome / Edge — install CanvasBlocker or a similar extension; otherwise canvas and WebGL are exposed.

Frequently Asked Questions

What is canvas fingerprinting?

Canvas fingerprinting is a tracking technique that asks your browser to draw a carefully-chosen image in an invisible HTML canvas and then reads back the pixel data. Because font rendering, anti-aliasing, emoji glyphs, and GPU compositing vary between operating systems, browsers, and graphics drivers, the resulting pixel buffer is usually unique to a single device. Hashing that buffer yields a stable identifier that survives cookie deletion and incognito mode.

Is the canvas fingerprint on this page the same one trackers see?

Yes — the render recipe here (Arial text, overlapping circles with multiply blending, Times New Roman fallback) is deliberately similar to the instructions used by commercial fingerprinting libraries like FingerprintJS, so the SHA-256 hash you see is a good proxy for what a tracker would record about your browser. The hash changes if you switch browsers, upgrade your OS, or change your GPU driver.

What is the WebGL fingerprint?

WebGL exposes your GPU to web pages so they can render 3D graphics, but it also reveals low-level details: the driver vendor, the exact GPU model string, shading language version, and a long list of supported extensions. Bundled together and hashed, these values form a second fingerprint that is often even more unique than the 2D canvas fingerprint — especially on desktops where the GPU varies enormously.

Why are some GPU fields marked as blocked?

The UNMASKED_VENDOR_WEBGL and UNMASKED_RENDERER_WEBGL parameters return the exact GPU model — for example, 'ANGLE (Apple, Apple M2 Pro, OpenGL 4.1)'. Firefox hides these behind privacy.resistFingerprinting; Safari blocks them by default; Chrome reveals them unless you install a fingerprinting-resistant extension. When they show as 'blocked' here, your browser is actively defending against this fingerprint.

How do I block canvas fingerprinting?

Turn on Firefox’s privacy.resistFingerprinting (about:config) or use Tor Browser — both return a uniform, fake pixel output. Brave randomizes per-session. In Safari, Intelligent Tracking Prevention makes canvas readback noisier and restricts third-party usage. Chrome users can install the CanvasBlocker extension. All of these will change the hash you see on this page on every reload, which is exactly what defeats the tracker.

Does every browser produce a unique fingerprint?

Not quite every browser, but close. On desktop, canvas + WebGL hashes together are unique for roughly 95–99% of visitors in published studies. Mobile devices cluster a bit more (many iPhones of the same model produce identical hashes) but combined with other fingerprint signals they’re still highly identifying.

More Tools

Full Browser Inspector

See all 80+ data points your browser exposes

What Is My IP?

Check your public IP, location, and ISP

What Is My Browser?

Detect your browser, version, OS, and device type

IPv6 Leak Test

Check whether your IPv6 address leaks alongside your VPN's IPv4

WebRTC Leak Test

Detect local and public IPs exposed by WebRTC, even behind a VPN

DNS Leak Test

See which resolver answers your queries and whether it bypasses your VPN

JavaScript Information

Inspect your JS engine, supported features, and runtime capabilities

Geolocation API Test

Check what coordinates your browser exposes via the Geolocation API

TLS Client Test

Inspect your ClientHello, cipher suites, and JA3 fingerprint

Incognito / Private Mode Test

Detect whether your browser is in Incognito or Private Browsing mode

Further Reading

What Is Browser Fingerprinting?

Learn how sites track you without cookies

Browser Privacy Comparison

Chrome vs Firefox vs Safari vs Brave

Browser Privacy Tips

10 practical ways to harden your browser