What Is WebGPU Fingerprinting?

Paste into ChatGPT, Claude, or any LLM

On this page

WebGPU fingerprinting reads identifying data from the modern navigator.gpu API. WebGPU is the newest browser standard for talking to your GPU (the graphics chip), and it gives away a lot about your hardware. Where the older WebGL standard mostly exposes a single renderer string (a short text label naming the GPU), WebGPU exposes a structured GPUAdapterInfo object plus dozens of numeric limits - the GPU's maximum capacities, such as max buffer size, max compute workgroup counts, and max texture dimensions - and a list of supported features. WebGPU can also run real compute shaders (small programs that do math on the GPU), so a probe can hash the floating-point output of a known calculation. That result reflects the actual silicon, which makes it a stronger, harder-to-fake signal than WebGL.

Reads	GPUAdapterInfo (vendor/architecture), ~40 numeric limits, feature list, compute output hash
Distinct from WebGL	WebGPU exposes structured adapter limits + compute shaders, not just a renderer string
Headless tell	No adapter at all (requestAdapter returns null) on GPU-less servers
Coherence trap	Adapter limits must match the WebGL renderer and the claimed platform
Status	Shipped in Chrome 113+; anti-bot vendors began scoring it in 2024-2025

What WebGPU exposes that WebGL does not

WebGPU was designed for heavy compute work, so it reveals far more structured hardware detail than WebGL. A fingerprinting probe collects three layers:

Adapter info - adapter.info returns vendor ("nvidia", "apple", "intel"), architecture ("turing", "apple-m", "gen-12lp"), and sometimes device and description strings.
Limits - adapter.limits is an object of roughly 40 numeric ceilings: maxTextureDimension2D, maxBufferSize, maxComputeWorkgroupSizeX, maxStorageBufferBindingSize, and more. The exact set of numbers is tightly tied to the GPU model and its driver.
Compute output - run a known compute shader over known inputs, read the result back, and hash it. The tiny floating-point rounding differences in the shader cores vary between vendors and architectures.

The combination carries more entropy (more identifying power) than WebGL, because the limits object alone encodes the GPU tier as about 40 correlated numbers rather than one string.

Why headless servers fail WebGPU

On a server with no GPU, navigator.gpu.requestAdapter() resolves to null - there is simply no graphics card to describe. Real desktop Chrome on consumer hardware almost always returns a working adapter, so a null adapter on a request that claims to be a normal desktop user is a strong anomaly. Forcing software rendering instead (Chrome's Dawn/SwiftShader WebGPU backend, which imitates a GPU in plain code) returns an adapter whose vendor is reported as a software fallback and whose limits match no real GPU - an equally clear tell.

The fixes mirror the ones for WebGL: pass a real GPU through to the browser (xvfb plus a physical or virtual GPU), or patch the adapter at the engine level so the info, limits, and compute output all come from one coherent real-device profile. Spoofing adapter.limits from JavaScript is detectable, because the patched getter functions fail Function.toString() inspection (a check that prints a function's source to see if it has been tampered with).

The WebGL/WebGPU coherence check

The decisive technique is cross-checking WebGPU against WebGL. Both APIs describe the same physical GPU, so their stories must agree. If WebGL reports "Apple GPU" but the WebGPU adapter vendor is "nvidia", or WebGL reports an RTX 4070 while the WebGPU maxComputeWorkgroupStorageSize matches an integrated Intel chip, the request contradicts itself and gets blocked. A request that spoofs one API but leaves the other at its headless default is worse off than spoofing neither.

This is the same lesson as everywhere else in fingerprinting: a believable identity is a coherent cluster of values harvested from one real machine, not a pile of individually plausible spoofs. Engine-level tools (Camoufox, Chromium forks) that serve matched (WebGL, WebGPU) pairs per session are the only reliable defence.

Code example

javascript

// What an anti-bot script reads to fingerprint WebGPU
async function webgpuFingerprint() {
  if (!navigator.gpu) return 'no-webgpu';          // suspicious on modern Chrome
  const adapter = await navigator.gpu.requestAdapter();
  if (!adapter) return 'null-adapter';             // GPU-less headless server tell

  const info = adapter.info || {};
  const limits = {};
  for (const k in adapter.limits) limits[k] = adapter.limits[k];  // ~40 numbers

  return {
    vendor: info.vendor,                 // 'nvidia' | 'apple' | 'intel' | software-fallback
    architecture: info.architecture,     // 'turing' | 'apple-m' | 'gen-12lp'
    features: [...adapter.features].sort().join(','),
    maxBufferSize: limits.maxBufferSize, // tightly bound to GPU model
    maxTexture2D: limits.maxTextureDimension2D
  };
  // Cross-checked against the WebGL renderer - a mismatch is block-grade.
}

Related terms

What Is WebGL Fingerprinting?

WebGL fingerprinting reads identifying information directly from the GPU. WebGL is the browser feature that lets web pages draw 3D graphics …

What Is Canvas Fingerprinting?

Canvas fingerprinting is a way for a website to identify your device by asking the browser to draw a tiny invisible image, then turning the …

What Is Browser Fingerprinting?

Browser fingerprinting is a technique that identifies and tracks a visitor by combining dozens of small, observable characteristics of their…

What Is Fingerprint Clustering?

Fingerprint clustering is the practice of grouping fingerprints from millions of real visitors by similarity, then rejecting any new visitor…

What Is Headless Browser Detection?

Headless browser detection is the set of probes anti-bot systems use to distinguish a headless or instrumented Chrome session from a real us…

What Is Camoufox?

Camoufox is a fork of Firefox with anti-fingerprinting patches applied at the C++ build level. That phrase matters: most anti-fingerprinting…

What Is Anti-Bot Detection?

Anti-bot detection is the set of techniques websites use to tell automated traffic apart from real human visitors — and then block, challeng…

How Browser Fingerprinting Works

Browser fingerprinting is how a site combines signals — canvas, WebGL, audio, fonts, navigator probes, TLS (the encryption layer behind http…

Anti-Bot Vendor Detection Cheatsheet

A useful first step when working with any protected site you are authorized to access is identifying which anti-bot vendor sits in front of …

How Do Websites Detect Web Scrapers?

Websites spot scrapers by gathering hundreds of small clues about each visitor, then scoring how human the whole picture looks. No single cl…

Concept map

How WebGPU Fingerprinting connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections

You are here · Anti-Bot

Tools & solutions for this topic

Frequently asked questions

Is WebGPU fingerprinting replacing WebGL fingerprinting?

It is adding to WebGL, not replacing it. WebGL still ships in every browser and is checked first. WebGPU is used as a second, higher-entropy GPU signal and - more importantly - as a way to cross-check WebGL for consistency. Vendors that read both can catch tools that only harden one of them.

Can I disable WebGPU to avoid the fingerprint?

On Chrome 113+ a missing navigator.gpu is increasingly odd for something claiming to be desktop Chrome, though it is still common enough today to be a soft hint rather than an outright block. Returning a null adapter looks more normal than removing the API entirely, but the safest setup is a coherent, real adapter.

Why is the limits object such a strong signal?

Because it is about 40 numbers that all come from the same GPU and driver, so they are highly correlated. You cannot change one without making the whole set inconsistent with any real device. Spoofing a believable limits object means copying a complete one from a real GPU, not editing individual values.

Last updated: 2026-05-31