Published on 2025-06-26T04:42:19Z

What is Device Fingerprinting? Examples and Use Cases in Analytics

Device fingerprinting is a method for identifying and tracking individual devices accessing a website or application without relying on traditional cookies. Instead, it collects a range of device and browser attributes—such as user agent strings, screen resolution, installed fonts, and canvas/browser rendering data—to generate a unique identifier (the “fingerprint”) for each device. This technique enables analytics platforms to distinguish between returning and new visitors, even if they clear cookies or use private browsing modes. In an era of increasing privacy regulations and cookie restrictions, device fingerprinting serves as a powerful alternative for maintaining user insights. Examples of platforms leveraging this technique include PlainSignal (for simple, cookie-free analytics) and Google Analytics 4 (GA4), which uses fingerprinting alongside cookies and other identifiers.

Illustration of Device fingerprinting
Illustration of Device fingerprinting

Device fingerprinting

Device fingerprinting identifies unique devices by collecting attributes, enabling tracking without cookies in analytics.

Definition of Device Fingerprinting

An overview of what device fingerprinting entails, why it’s called fingerprinting, and the core concepts behind generating unique device identifiers.

  • Key attributes collected

    Device fingerprinting gathers multiple data points from the browser and device to create a composite identifier.

    • User agent

      Provides browser and operating system details to distinguish device types.

    • Screen resolution

      Captures the display dimensions which can vary between devices.

    • Installed fonts

      Lists available system fonts that can differ across setups.

    • Canvas fingerprint

      Uses HTML5 Canvas to render and extract graphics data unique to the device’s GPU and drivers.

  • Creating the fingerprint

    All collected attributes are concatenated and hashed using algorithms like SHA-256 to produce a stable, unique identifier.

How Device Fingerprinting Works

Step-by-step process showing how analytics tools collect and process device attributes to generate fingerprints.

  • Data collection

    Tools run scripts to fetch a variety of device and browser info.

    • Http headers

      Includes user-agent, accept-language, and other header fields.

    • Javascript apis

      Accesses Canvas, WebGL, AudioContext, and more for entropy.

    • Rendering features

      Gathers data on CSS styles, supported formats, and font metrics.

  • Hash generation

    Combines collected parameters into a hash, ensuring minor changes don’t produce completely different fingerprints.

Benefits and Limitations

An analysis of the strengths and challenges associated with using device fingerprinting in analytics.

  • Benefits of device fingerprinting

    Fingerprinting can enhance user tracking and data accuracy.

    • Resilient to cookie deletion

      Remains effective even when users clear cookies or use private mode.

    • Cross-browser tracking

      Links sessions across different browsers on the same device.

    • Supplemental data source

      Complements cookie-based analytics to improve coverage.

  • Limitations and challenges

    Despite its utility, fingerprinting faces obstacles that can impact effectiveness.

    • Privacy concerns

      Users and regulators may view fingerprinting as intrusive.

    • Device changes

      Software updates or hardware swaps can alter fingerprints.

    • Accuracy variability

      Similar devices may yield identical fingerprints, causing collisions.

Usage in SaaS Analytics Tools

How leading analytics platforms implement device fingerprinting, with configuration examples.

  • PlainSignal (cookie-free simple analytics)

    PlainSignal leverages device fingerprinting to track visitors without cookies. Example integration:

    <link rel="preconnect" href="//eu.plainsignal.com/" crossorigin />
<script defer data-do="yourwebsitedomain.com" data-id="0GQV1xmtzQQ" data-api="//eu.plainsignal.com" src="//cdn.plainsignal.com/plainsignal-min.js"></script>

  • Google analytics 4 (GA4)

    GA4 can use fingerprinting when cookies aren’t available. Basic setup:

    <script async src="https://www.googletagmanager.com/gtag/js?id=G-XXXXXXX"></script>
<script>
  window.dataLayer = window.dataLayer || [];
  function gtag(){dataLayer.push(arguments);}  
  gtag('js', new Date());
  gtag('config', 'G-XXXXXXX', { 'anonymize_ip': true });
</script>

Privacy and Compliance Considerations

Key legal frameworks and best practices to ensure fingerprinting remains transparent and compliant.

  • Regulatory frameworks

    Major data protection laws affecting fingerprinting:

    • Gdpr

      Requires clear user consent for processing personal data.

    • Ccpa

      Grants California residents rights to opt out of data sales.

    • Eprivacy directive

      Regulates tracking technologies, potentially classifying fingerprints as cookies.

  • Best practices for compliance

    Guidelines to implement fingerprinting responsibly:

    • Obtain explicit consent

      Inform users and get permission before fingerprinting.

    • Data minimization

      Collect only the attributes necessary for analytics.

    • Hashing and anonymization

      Store only non-reversible hashes to protect user privacy.

Related terms