Most people know about cookies. They've seen the consent banners, clicked "Accept All" more times than they can count, and maybe even cleared their browser history in an attempt to start fresh. What far fewer people know is that there's a tracking method cookies can't touch — one that doesn't store anything on your device and can't be cleared. It's called browser fingerprinting, and it's been quietly built into the architecture of the web for years.
What is browser fingerprinting?
Every time your browser loads a webpage, it sends a significant amount of information to the server as part of the normal request process. This includes your browser version, operating system, screen resolution, time zone, preferred language, and more. Individually, none of these details are unique. Combined, they often are.
Browser fingerprinting is the practice of collecting these attributes, combining them, and using the resulting profile to identify your browser across sessions and websites. No tracking code needs to be stored on your device. The "fingerprint" is assembled fresh from data your browser sends automatically, every single time.
The Electronic Frontier Foundation's research found that over 83% of browsers have a fingerprint unique enough to identify them among all browsers tested. More recent studies put this number even higher for desktop browsers.
What data makes up your fingerprint?
The range of data points that can be collected is wider than most people expect. Some are sent automatically in HTTP headers; others require running small scripts in your browser. Common attributes include:
The canvas fingerprint deserves a specific mention. A tracking script draws an invisible image using the Canvas API, then reads back the pixel data. Because different graphics cards, operating systems, and font renderers produce slightly different pixel outputs for the same drawing instructions, the result is a highly unique signature that reflects your hardware at a very low level.
How it differs from cookies
Cookies are a storage mechanism. A site places a small file on your device, gives it an ID, and reads that ID on your next visit. Blocking or deleting cookies removes the tracking mechanism entirely.
Fingerprinting requires no storage. The data is read from your browser's properties on every visit — properties that are set by your operating system, hardware, and browser configuration, not by the tracking site. You can't "clear" your screen resolution or uninstall your GPU.
This also means fingerprinting works in private browsing and incognito mode. Your browser still has a screen resolution, a timezone, and a graphics card. Incognito mode prevents local storage of browsing history, but it doesn't change the properties that make up a fingerprint. Many users assume private mode provides more protection than it actually does.
A note on VPNs: A VPN hides your IP address, but it does nothing about browser fingerprinting. Even if your IP shows a VPN server in Amsterdam, your canvas fingerprint, screen resolution, and installed fonts remain unchanged. Fingerprinting and IP tracking are separate tracking vectors requiring separate countermeasures.
What you can actually do about it
Complete protection against browser fingerprinting is difficult — the only truly effective defence is making your browser look identical to millions of others. These are the most practical options:
Use Brave Browser. Brave has built-in fingerprint randomisation. It slightly alters certain fingerprinting attributes on each site visit, making it harder to track you consistently across sessions. This is one of the most effective mainstream solutions available without significant technical effort.
Enable fingerprint resistance in Firefox. Firefox includes a privacy.resistFingerprinting setting (accessible via about:config) that standardises several commonly fingerprinted attributes. It's not perfect, but it meaningfully reduces the uniqueness of your fingerprint and is the best option if you prefer Firefox.
Use Tor Browser. Tor Browser applies the most aggressive fingerprint standardisation of any mainstream browser. All Tor users get the same window size, fonts, and rendering properties by design, making individual fingerprinting extremely difficult. The trade-off is significantly slower browsing speeds.
Minimise browser extensions. Counter-intuitively, more extensions can make you more unique. Each extension can alter the browser environment in detectable ways. Keeping extensions minimal makes your profile closer to a generic baseline.
Avoid unusual screen resolutions or custom fonts. Running your browser in a standard window size and not installing unusual system fonts reduces how distinguishable your fingerprint is from the baseline for your browser and OS combination.
The bigger picture
Browser fingerprinting is a reminder that online tracking has evolved far beyond simple cookies. The web's tracking infrastructure now operates across multiple layers — IP addresses, cookies, local storage, fingerprinting, and more — and each layer requires its own countermeasure. Clearing your cookies protects against one; a VPN protects against another; fingerprint-resistant browsers address a third.
Understanding that these layers exist is the first step to deciding which level of protection is worth the effort for your situation. For most people, using Brave or Firefox with fingerprint resistance enabled, combined with a VPN, covers the most significant tracking vectors without requiring significant changes to how you browse.