Canvas Fingerprinting
Canvas fingerprinting identifies a device by the tiny rendering differences produced when a browser draws hidden graphics using the HTML5 canvas.
Canvas Fingerprinting explained
Canvas fingerprinting asks the browser to render text or shapes onto an invisible HTML5 canvas, then reads back the pixel data. Subtle variations in GPU, drivers, fonts, and anti-aliasing make the output slightly different across devices, producing a stable identifier.
It is one of the strongest fingerprinting signals because it is hard for users to change and requires no permission. Antidetect browsers counter it by adding controlled noise or spoofing consistent canvas output per profile.
Examples
- 01A tracker rendering hidden text to derive a device hash
- 02An anti-fraud check comparing canvas output across sessions
- 03An antidetect profile emitting a spoofed, consistent canvas signature
Common use cases
Frequently asked questions
A site draws hidden graphics on an HTML5 canvas and reads the pixels back. Hardware and software differences make the result device-specific, forming a stable identifier.
It needs no permission, runs invisibly, and depends on hardware traits users cannot easily change, so simply clearing cookies or changing settings does not defeat it.
They either add slight, consistent noise to the canvas output per profile or emit a spoofed signature, so each identity produces a different but stable value.
Blocking it can prevent the fingerprint but also makes you stand out as unusual, which itself is a signal. Consistent spoofing is usually stealthier than outright blocking.
No. WebGL and audio fingerprinting work similarly by measuring how your device renders graphics or processes audio, and they are often combined with canvas.
Ready to put this into practice?
See our independently-scored picks.