Overview
Device Fingerprinting returns two kinds of identifiers based on different hardware, browser, and network characteristics:
IDs
IDs are based on a cookie, and they are guaranteed to be unique. IDs are good for identifying good users returning to your site. However, they are easily changed by bad actors who clear their cookies or use private browsing (incognito mode).
Fingerprints
Fingerprints are deterministically-generated hashes of various low-level signals. These do not depend on stateful storage or IP address, so they remain stable even in incognito mode or when a VPN is used.
Fingerprints are usually stable for months or longer, including through routine browser updates. Rarely, a browser update changes low-level signals permanently, which results in new fingerprints.
There are four different levels of fingerprints:
- Visitor (most specific)
- Browser
- Hardware
- Network (least specific)
Table of different identifiers
This table outlines the distinct qualities of each identifier. For more details on different fingerprint characteristics and usage with our /rules endpoint, see Setting Rules.
| Identifier | Definition | Use Cases | Uniqueness |
|---|
| Visitor ID | A stateful cookie stored on the user’s device. | Having a unique identifier for a user. | Guaranteed unique |
| Browser ID | Combination of Visitor ID and Hardware Fingerprint to create a clear identifier of a browser. | Detecting stolen sessions; the browser ID should only be associated with a single hardware fingerprint. | Guaranteed unique |
| Visitor Fingerprint | A highly unique set of diverse signals. | Banning specific kinds of traffic in a cookie-less way. | 99.9% unique |
| Browser Fingerprint | A set of signals that identifies a browser on a specific kind of device. | Banning an unusual browser configuration only used for abuse. | Low |
| Hardware Fingerprint | A set of signals that identifies an operating system and architecture. | Detecting mismatches between hardware fingerprint and capabilities. | Low |
| Network Fingerprint | Also known as TLS fingerprint: a set of signals associated with a particular network stack. | Blocking programmatic access like Golang, Curl, or Node. | Low |
Using Fingerprints & IDs
You can set rules based on specific fingerprints to customize the behavior for specific devices. Fingerprints can also be tied to other user data to associate known hardware sets, browsers, and other attributes with your user base.
When determining which fingerprint to use for a given use case, consider a fingerprint’s uniqueness and stability.
Examples
