What Is Timing & Cache Side-Channel Fingerprinting?

Paste into ChatGPT, Claude, or any LLM

On this page

Timing-based fingerprinting uses high-resolution clocks to measure how long operations take, turning microarchitectural and rendering behaviour into a hardware signature. With performance.now(), SharedArrayBuffer counters, or WebGL/WASM workloads, a script measures CPU cache latency, GPU draw time, and memory speed. Those timings identify a class of hardware and, crucially, reveal when a “browser” is actually rendering in software — a hallmark of headless automation.

Clocks	performance.now(), SharedArrayBuffer timer, requestAnimationFrame
Measures	CPU cache (Prime+Probe), GPU draw time, WASM/SIMD speed
Reveals	Hardware class + software-rendering fallbacks
Mitigated by	Clock coarsening, cross-origin isolation gating
Related	WASM fingerprinting, WebGL fingerprinting

From clocks to hardware signatures

Transcendental math and pixel hashes identify the software stack; timing identifies the hardware. A script runs a fixed GPU draw or a WASM SIMD kernel and measures wall-clock duration: a real discrete GPU finishes a shader far faster than Chrome’s SwiftShader software renderer, and a real CPU’s cache hierarchy produces a Prime+Probe latency curve that an emulated environment does not. Academic side-channel work (cache attacks, GPU timing) showed these measurements can even infer what other tabs or processes are doing — which is why browsers coarsened performance.now() and gated SharedArrayBuffer behind cross-origin isolation after Spectre.

Why headless browsers fail timing checks

Headless browsers on GPU-less servers fall back to software rendering. A draw that takes ~2 ms on a real GPU might take 50–200 ms in SwiftShader — a giant, obvious tell. Anti-bots that pair a canvas probe with a timing probe can catch a replayed canvas hash: the pixels look real but the render took software-renderer time. The same logic flags WASM workloads that run at emulated speed. There is no JavaScript fix; you need real (or GPU-accelerated) hardware to produce real timings.

Why timing is hard to fake — and what works

Timing side-channels are powerful precisely because they read the real hardware underneath the browser. Even with performance.now() resolution deliberately coarsened to defend against Spectre, the relative cost of operations — cache hits versus misses, JIT warm-up, GPU draw timing — reflects the actual CPU and memory you are running on. You cannot convincingly fake those ratios from JavaScript, because the code you add to fake them also takes measurable time.

So the practical answer is to run on hardware whose timing profile matches the identity you present, rather than to spoof clocks. A datacentre VM running headless Chrome behind a residential User-Agent has a timing signature that does not match a real consumer laptop. Residential and real-device infrastructure — the kind a managed web scraping API runs behind — produces genuine timing characteristics instead of trying to forge them.

Related terms

What Is Browser Fingerprinting?

Browser fingerprinting is a technique that identifies and tracks a visitor by combining dozens of small, observable characteristics of their…

What Is WASM Fingerprinting?

WebAssembly fingerprinting is a 2026 detection layer that probes the actual CPU through WASM SIMD instructions and uses WebAssembly.Memory({…

What Is WebGL Fingerprinting?

WebGL fingerprinting reads identifying information directly from the GPU. The browser exposes the graphics card vendor and renderer string (…

What Is Canvas Fingerprinting?

Canvas fingerprinting is a browser-identification technique that asks the browser to draw an invisible image and hashes the resulting pixel …

What Is Headless Browser Detection?

Headless browser detection is the set of probes anti-bot systems use to distinguish a headless or instrumented Chrome session from a real us…

What Is Anti-Bot Detection?

Anti-bot detection is the set of techniques websites use to distinguish automated traffic from human users — and to block, challenge, or thr…

Concept map

How Timing & Cache Side-Channel Fingerprinting connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections

You are here · Anti-Bot

Tools & solutions for this topic

Frequently asked questions

Why did browsers reduce timer precision?

After Spectre/Meltdown, high-resolution timers enabled cache side-channel attacks. Browsers coarsened performance.now() and gated SharedArrayBuffer behind cross-origin isolation to blunt them — which also limits some timing fingerprinting.

Can timing detect a replayed canvas?

Yes. If the canvas pixels match a real GPU but the render took software-renderer time, the contradiction reveals a headless browser replaying a harvested hash.

Is there a software workaround for slow headless rendering?

Not a reliable one. Real or GPU-accelerated hardware is what produces real timings; this is a key reason serious operations run browsers on machines with actual GPUs.

Last updated: 2026-05-28