Skip to content
Pricing
Log InStart Free TrialBook a Demo
Risk & Detection

Incognito Detection

Incognito detection is the identification of visitors browsing in a private or incognito window, inferred from the behavior of storage APIs and other browser characteristics that differ in private mode. It reveals when a user has disabled the persistent state that fraud controls often rely on.

How it works

How Incognito Detection works

Private browsing modes change how a browser behaves in observable ways, and detection keys on those differences. Historically, storage APIs such as IndexedDB, the FileSystem API, and quota limits behaved differently or were restricted in private windows, and probing them revealed the mode. Browsers continually adjust these behaviors to close such gaps, so detection techniques evolve alongside them.

The detection runs entirely from within the page using standard web APIs, without any special permission, by observing responses to specific storage and capability checks. Because vendors treat private-mode detection as something to frustrate, reliable detection requires keeping pace with each browser's implementation rather than relying on a single fixed trick.

Crucially, detecting incognito is separate from identifying the visitor. Even in private mode, device fingerprinting still produces a visitor identifier because it draws on device characteristics rather than stored state, so the same visitor can be recognized and flagged as being in private mode at the same time.

Why it matters

Why Incognito Detection matters for fraud prevention

Incognito mode is frequently used to evade controls that depend on cookies and local storage: claiming a promotion again, creating extra accounts, or circumventing metered paywalls all become easier when stored state is wiped each session. Detecting private browsing is a useful signal because a legitimate user rarely needs it for these actions, so its presence in an abuse-prone flow raises the appropriate suspicion, especially when paired with a device identifier that private mode cannot reset.

With TRACIO

How TRACIO handles it

TRACIO exposes incognito detection as one of its Smart Signals, and pairs it with an identification approach designed to keep working in private mode. Because the visitor ID is derived from device signals rather than stored cookies, a user cannot escape recognition simply by opening a private window, and the incognito flag tells teams when that evasion is being attempted.

Related reading

Explore further

FAQ

Frequently asked questions

Identify every device with confidence

Start with a free plan of 2,500 API calls per month. No credit card required.