Canvas Fingerprint Test — How It Works & How to Block It (2026)
Every website you visit can silently draw invisible graphics in your browser using the HTML5 Canvas API, then read back the pixel data to create a unique fingerprint from your GPU — no cookies, no login, no storage required. Canvas fingerprinting is one of the most powerful and widespread tracking techniques used today. This guide explains exactly how it works, how to test whether you're exposed, and how to block it in every major browser.
What Is Canvas Fingerprinting?
Canvas fingerprinting exploits a fundamental property of modern browsers: every GPU, graphics driver, and operating system combination renders graphics slightly differently. These differences are invisible to the human eye — we're talking about sub-pixel anti-aliasing variations and floating-point rounding differences in the GPU pipeline — but they produce unique, measurable pixel outputs that can be hashed into a stable identifier.
A website runs this fingerprint silently in JavaScript, usually in under 50 milliseconds, without any visible element appearing on screen. The tracking happens before you even see the page fully load.
How Common Is It?
Studies by Princeton and the EFF found canvas fingerprinting on over 5% of the top million websites as of 2022 — including major news sites, e-commerce platforms, and ad networks. In 2026, usage is significantly higher, as anti-tracking tools have made cookies less reliable and publishers have turned to fingerprinting as a replacement.
How Canvas Fingerprinting Works — Step by Step
<canvas> element with display:none — invisible to you.canvas.toDataURL() or getImageData() converts the rendered output to a base64 string or raw pixel array.0x4a2f9c1e.The Real JavaScript Behind It
Here's a simplified version of what runs on your browser (a real fingerprinter uses more elaborate content):
const canvas = document.createElement('canvas');
const ctx = canvas.getContext('2d');
ctx.textBaseline = 'top';
ctx.font = "14px 'Arial'";
ctx.fillStyle = '#f60';
ctx.fillRect(125, 1, 62, 20);
ctx.fillStyle = '#069';
ctx.fillText('Cwm fjordbank glyphs 😊', 2, 15);
ctx.fillStyle = 'rgba(102, 204, 0, 0.7)';
ctx.fillText('Cwm fjordbank glyphs 😊', 4, 17);
// This output is unique per GPU/OS/driver combo:
const fingerprint = canvas.toDataURL();What Makes Canvas Fingerprints Unique
The rendering differences between devices come from multiple layers:
How Accurate Is Canvas Fingerprinting?
Canvas fingerprinting alone achieves 80–90% uniqueness across browser populations in academic studies. But websites don't rely on canvas alone — they combine it with WebGL, audio, fonts, screen resolution, and dozens of other signals to produce a combined fingerprint that reaches 99%+ uniqueness.
This makes the combined fingerprint more reliable as an identifier than third-party cookies, which are increasingly blocked or deleted. Canvas fingerprinting also works across:
- Multiple browsers on the same device (Chrome + Firefox share the same GPU)
- Incognito / private browsing mode — incognito does NOT prevent it
- After clearing all cookies and browser history
- With a VPN active (IP changes, canvas does not)
How to Test Your Canvas Fingerprint
-
1Open UNDETECT.CLUB in the browser you want to test at undetect.club. The scan starts automatically.
-
2Find the Canvas 2D Fingerprint card — it shows your hash value and whether noise protection is active.
-
3Reload the page — if the hash changes on every reload, Brave or a Canvas Blocker extension is working. If it stays the same, you're fully exposed.
-
4Check the Anti-Fingerprint Tools card — it explicitly detects whether Brave canvas protection or Firefox RFP is active.
How to Block Canvas Fingerprinting
| Method | Browser | How it works | Breaks sites? | Effectiveness |
|---|---|---|---|---|
| Brave Shields | Brave | Adds random noise per origin | Rarely | High |
| privacy.resistFingerprinting | Firefox | Returns blank/uniform canvas | Sometimes | Very High |
| Tor Browser | Tor | Uniform canvas for all users | Sometimes | Very High |
| CanvasBlocker ext. | Firefox/Chrome | Randomize / block canvas API | Rarely | High |
| uBlock Origin | Any | Blocks fingerprinting scripts | Rarely | Medium |
| Incognito only | Any | Nothing (cookie clear only) | No | None |
Brave Browser (Recommended)
Brave injects per-origin random noise into canvas, WebGL, and audio APIs automatically. The noise is small enough that it doesn't visually break websites, but large enough that the fingerprint hash is different for every website and different on every page reload. No configuration needed — just install Brave and canvas fingerprinting is blocked.
For maximum protection: Go to Shields → Fingerprinting → Block all fingerprinting. This uses a stricter blank canvas approach for sites where noise-based protection might not be enough.
Firefox with privacy.resistFingerprinting
Open about:config, search for privacy.resistFingerprinting,
and set it to true. Firefox will then return a blank (all-zeros) canvas for all sites,
making every Firefox RFP user look identical to fingerprinters.
Note: this can break sites that use canvas for legitimate rendering (like Google Maps or WebGL games). Use a separate browser profile for those.
CanvasBlocker Extension
Available for Firefox and Chrome. Intercepts canvas API calls and returns randomized or blocked data. Highly configurable — you can whitelist specific sites that need real canvas access. Works well when combined with uBlock Origin.
Canvas + WebGL + Audio: The Combined Fingerprint
UNDETECT.CLUB tests all three rendering-based fingerprinting vectors:
Combined, these three signals — plus fonts, screen, timezone, and more — create a fingerprint accurate enough to track billions of devices individually.
Frequently Asked Questions
Test Your Canvas Fingerprint — Free, Instant
See your canvas hash, detect noise protection, and get a full privacy score. 32 detectors, zero data collected.
[ CHECK MY CANVAS FINGERPRINT ]