Incognito / Private Mode Test

Each browser caps storage and disables a handful of APIs in its private-browsing mode. We run nine independent probes — StorageManager quota, Service Worker availability, IndexedDB, Cache Storage, the Origin Private File System (OPFS), BroadcastChannel, SharedWorker, localStorage, and document.cookie — and combine the results into a weighted confidence score from 0 to 100. Browser family (Firefox, Chromium, Safari) is used to nudge a few weights, never as the sole determinant. The full signal breakdown is shown so you can see which probes contributed.

The score is a weighted sum of independent signals, capped at 100. Anything at or above 60 is reported as 'Likely Private', 25–59 as 'Suspicious — Mixed Signals', and below 25 as 'Likely Normal'. Because no single signal can flip the verdict on its own, the detector degrades gracefully when browser vendors close one of the side-channels we rely on. That said, no detector is bulletproof: extensions can spoof storage quota, enterprise policies can alter API surfaces, and future browser updates can shift signals. Treat the verdict as a strong indicator, not a definitive answer.

Three common reasons. (1) Paywalls: news sites use Incognito detection to block readers from circumventing their article limits, since Incognito wipes the local article counter on every session. (2) Bot and fraud detection: a fresh Incognito profile has no cookies, no localStorage, and a clean fingerprint, which raises a small flag for risk-scoring systems. (3) Affiliate cookie integrity: some referral programs reject conversions from Incognito because the affiliate cookie can’t be tied back to the click. Court rulings (e.g. the 2024 Google class-action settlement) have started to limit which of these uses are legal in some jurisdictions.

Sometimes. Chrome shipped a switch (~2019) that restored the FileSystem API in Incognito, which broke the most popular detection at the time. Today, the storage-quota signal is harder to spoof from a website's side because the cap is enforced at the browser level. There are user-installed extensions that override navigator.storage.estimate() to return a fabricated quota; those defeat this detector. Without an extension, the most effective workaround is simply to use a regular profile with a fresh container, since that gives you the same isolation properties without the quota giveaway.

It does not. Incognito clears cookies and localStorage at the end of the session and prevents history from being written to disk, but the network packets your browser sends are unchanged. Your IP, ISP, browser fingerprint, TLS fingerprint, and DNS queries are all still visible to websites, your network operator, and your DNS provider. To hide your IP you need a VPN or Tor; Incognito alone does not.

The names differ but the behaviour is similar. Chrome / Edge call it Incognito and InPrivate respectively, Firefox and Safari call it Private Browsing, Brave splits it into Private and Private with Tor. All of them: discard cookies, localStorage, IndexedDB, and history when the last private window closes; keep downloads and bookmarks; and apply a reduced storage quota. They differ in extras: Brave routes optionally through Tor, Safari isolates each tab from the others, and Firefox enables Total Cookie Protection by default. None of them encrypt your traffic or change your IP.