Anti-Bot

What Is FingerprintJS?

What Is FingerprintJS? - conceptual illustration
On this page

FingerprintJS is an open-source JavaScript library that combines many browser and device attributes into a single hashed visitor identifier. Because that identifier is derived from device characteristics rather than stored state, it tends to persist across private-browsing sessions and after a user clears cookies, which is why sites use it for analytics and fraud prevention. It is one of the most widely deployed fingerprinting libraries on the web. The same company also ships a commercial server-side product (Fingerprint Pro, also called Fingerprint Identification) and a separate open-source bot-detection library called BotD.

Quick facts

TypeOpen-source client-side fingerprinting library (MIT)
OutputA stable hashed visitor identifier
CollectsCanvas, audio, fonts, screen, UA/platform, hardware hints, WebGL
Commercial tierFingerprint Pro - adds server-side + ML signals (vendor cites 99.5% identification accuracy)
Sibling libraryBotD - free bot-detection library (Selenium, Playwright, headless, etc.)

How FingerprintJS builds a visitor ID

The library reads a long list of entropy sources - canvas and audio rendering output, installed fonts, screen resolution and colour depth, user-agent and platform, language and timezone, hardware hints such as CPU core count and device memory, and WebGL/GPU details - and hashes the combination into one identifier. Each source on its own is weak, but together they are distinctive enough to recognise a returning device. The library's own documentation is candid about the limits: because everything runs in the browser, the identifier is open to spoofing and reverse engineering, and it cannot tell apart two devices with identical hardware, OS and browser, since every JavaScript-visible signal is the same.

Open source vs. Fingerprint Pro

There are two distinct products. The open-source library runs entirely client-side and produces a plain fingerprint hash. Fingerprint Pro (Fingerprint Identification) collects the browser signals but processes them server-side, adds network-level data such as IP and machine-learning models, and returns a stable visitor ID plus a per-request confidence score. The vendor markets Pro at 99.5% identification accuracy - a figure to attribute to Fingerprint rather than treat as an independent benchmark - and describes the open-source library only as significantly less accurate, without publishing a number. The conceptual line is between a plain fingerprint (a technical snapshot of the browser) and identification (resolving an actual returning visitor using client and server signals together).

BotD and the bot-detection sibling

BotD is a separate, free, MIT-licensed library from the same company, focused on detecting automation rather than identifying visitors. It runs in the browser and flags headless browsers, virtual machines and automation frameworks - the open-source edition recognises headless Chrome and Firefox, Selenium, Playwright, PhantomJS, Electron and others. The commercial bot-detection tier adds a verdict structure (for example, a result such as bad or good plus a detected bot type), distinguishes legitimate crawlers from unwanted ones, and folds in server-side signals such as TLS and IP analysis. For a scraper, the practical takeaway is that FingerprintJS and BotD represent two of the most common client-side checks a site can deploy, and both look hardest at headless-browser signatures and at attributes that disagree with one another.

Code example

javascript
// FingerprintJS is what a SITE runs on its visitors - it generates a stable
// visitor ID. This is the public open-source usage, shown so you understand
// what the library exposes when you land on a page that embeds it.
import FingerprintJS from '@fingerprintjs/fingerprintjs'

const fp = await FingerprintJS.load()
const result = await fp.get()

// result.visitorId is the hashed identifier built from device signals.
// result.components lists every signal that went into it (canvas, fonts,
// audio, screen, ...). The library's docs note this client-side ID is
// open to spoofing - the commercial Pro tier adds server-side signals.

Related terms

What Is CreepJS?
CreepJS is an open-source JavaScript test page that measures how identifiable a browser is and whether the values it reports are internally …
What Is Browser Fingerprinting?
Browser fingerprinting is a technique that identifies and tracks a visitor by combining dozens of small, observable characteristics of their…
What Is Canvas Fingerprinting?
Canvas fingerprinting is a way for a website to identify your device by asking the browser to draw a tiny invisible image, then turning the …
What Is AudioContext Fingerprinting?
AudioContext fingerprinting plays a silent waveform through the Web Audio API, then reads back the resulting floating-point samples and hash…
What Is Headless Browser Detection?
Headless browser detection is the set of probes anti-bot systems use to distinguish a headless or instrumented Chrome session from a real us…
What Is Anti-Bot Detection?
Anti-bot detection is the set of techniques websites use to tell automated traffic apart from real human visitors — and then block, challeng…
What Is BrowserScan?
BrowserScan (browserscan.net) is a free, hosted web page that tests how authentic and internally consistent a browser's fingerprint looks, a…

Concept map

How FingerprintJS connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections
You are here · Anti-Bot
Building map…

Tools & solutions for this topic

Frequently asked questions

What does FingerprintJS do?

It combines many browser and device attributes - canvas, audio, fonts, screen, hardware hints and more - into a single hashed visitor identifier that a website can use to recognise a returning device, even across private-browsing sessions or after cookies are cleared.

What is the difference between FingerprintJS and Fingerprint Pro?

The open-source FingerprintJS library runs entirely in the browser and outputs a plain fingerprint hash. Fingerprint Pro processes those signals server-side, adds network data and machine learning, and returns a stable visitor ID with a confidence score. The vendor cites 99.5% identification accuracy for Pro; the open-source library is described as significantly less accurate.

How is FingerprintJS different from CreepJS?

They have opposite goals. FingerprintJS generates a stable ID to answer 'who is this returning visitor?' CreepJS instead checks whether a browser's reported signals are internally consistent and flags contradictions. One is for identification, the other for consistency and lie detection.

What is BotD?

BotD is a separate, free, open-source bot-detection library from the same company. It runs in the browser and detects headless browsers, virtual machines and automation frameworks such as Selenium and Playwright. The commercial tier adds a verdict structure and server-side signals.

Last updated: 2026-06-15