VPN detection, incognito mode, browser tampering, virtual machines, and privacy browsers — all computed server-side for accuracy and delivered in a single API response.
1 in 5 visitors uses a VPN in 2025. On Chromium desktop, 1 in 3 does. Hidden traffic is the new normal.
Fingerprint Device Intelligence Report, 2026
Reliably detect private browsing mode across Chrome, Firefox, Safari, and Edge using multi-signal correlation.
Spot UA spoofing, canvas blocking, WebGL manipulation, and prototype-chain tampering in one pass. 4.4% of desktop sessions now show tampering.
Flag VirtualBox, VMware, Parallels, QEMU, and cloud VM instances from GPU and hardware signals.
Recognize Brave, Tor Browser, Firefox with Enhanced Tracking Protection, and other privacy-hardened browsers.
Surface when the browser dev tools panel is open or was recently used during a session.
An AI-weighted composite risk score that rolls up all 24 signals into a single actionable threat index.
Our lightweight SDK collects 1,200+ browser signals in under 50ms with zero impact on user experience.
Server-side AI engine analyzes signals, applies advanced matching, and computes confidence scores.
Get a stable visitor ID, bot detection results, smart signals, and IP intelligence in a single API response.
A few lines of code, one API response with everything you need.
const result = await tc.get();console.log(result.signals.incognito); // trueconsole.log(result.signals.tampering); // { detected: true, type: "ua_spoof" }console.log(result.signals.vm); // { detected: false }console.log(result.signals.suspectScore); // 72We detect incognito mode across Chrome, Firefox, Safari, and Edge using multiple independent techniques. These include filesystem API quota differences, IndexedDB behavior variations, and CSS-level feature detection differences between normal and private browsing. Our detection works even as browsers patch individual detection vectors, because we use redundant signals.
The Smart Signals tampering module flags browsers whose properties have been modified from genuine values. It cross-validates navigator.platform against UA claims, verifies WebGL renderer strings against expected GPU models, checks CSS media queries against reported screen dimensions, and detects API overrides via proxy objects. Browser tampering now affects 4.4% of desktop identifications — nearly doubling year-over-year.
VMs and emulators leave subtle but measurable traces that differ from physical hardware. Smart Signals inspects WebGL renderer and vendor strings for VM markers (VirtualBox, VMware, QEMU), checks for emulator-specific hardware profiles, and detects synthetic sensor data — covering both desktop VMs and mobile emulators used in fraud.
The Smart Signals suspect score (0–100) rolls up 24 individual smart signals into one actionable risk number. Each detected anomaly — VPN usage, incognito mode, browser tampering, automation markers — adds a weighted contribution. Weights are calibrated against production fraud data. Scores above 70 flag high risk; below 30 signals low risk.
See how teams use Smart Signals to solve real-world problems.
Detect incognito mode, VPNs, and browser tampering during login attempts.
Learn moreScore transaction risk using 24 server-side signals before processing payment.
Learn moreProtect premium content from unauthorized access, VM-based scraping, and sharing.
Learn moreGet started in minutes. No third-party data sharing, full data ownership, complete control.
14-day free trial · Full platform access · 5-minute integration