Skip to content
Pricing
Log InStart Free TrialBook a Demo
Fingerprinting

Canvas Fingerprinting

Canvas fingerprinting is a technique that renders text or graphics to an HTML5 canvas element and reads back the resulting pixel data to derive a device-specific identifier. Tiny differences in GPU, graphics driver, font rasterization, and anti-aliasing cause the same drawing instructions to produce subtly different pixels on different machines.

How it works

How Canvas Fingerprinting works

A script creates an off-screen canvas and issues drawing commands, typically rendering a string of text in specific fonts along with shapes, gradients, and colors. The browser hands these instructions to the graphics stack, where the exact pixels produced depend on the operating system, GPU, driver version, and font-hinting engine.

The script then calls a method such as toDataURL or getImageData to extract the rendered pixel buffer. This buffer is hashed into a compact value. Because the rendering pipeline differs across devices, the hash tends to be consistent for one device and to vary across devices, making it a useful discriminating signal.

Canvas output is relatively stable over time because the underlying hardware and drivers change infrequently. However, it can shift after a driver update, an operating-system upgrade, or a change in browser rendering behavior, so it is usually combined with other signals rather than trusted alone.

Privacy tools and some browsers counter canvas fingerprinting by adding random noise to pixel data or by prompting before allowing readback. This deliberate perturbation is itself detectable and can be treated as its own signal.

Why it matters

Why Canvas Fingerprinting matters for fraud prevention

Canvas fingerprinting contributes high-entropy information about the underlying hardware, which makes it valuable for distinguishing devices that otherwise look identical at the browser level. In fraud prevention it helps expose farms of similar machines, emulators, and anti-detect browsers that spoof higher-level attributes but cannot easily fake the true rendering pipeline. It is a workhorse signal for cookieless device recognition.

With TRACIO

How TRACIO handles it

TRACIO uses canvas rendering as one of its 130+ signals, weighting it by how distinctive and stable it proves to be for a given visitor rather than treating it as a unique ID on its own. Because attackers may inject canvas noise, TRACIO cross-checks it against other rendering and hardware signals so that spoofing one dimension does not defeat identification. This keeps recognition robust while feeding the overall confidence score.

FAQ

Frequently asked questions

Identify every device with confidence

Start with a free plan of 2,500 API calls per month. No credit card required.