What's the best free tool to test my browser fingerprint?

CreepJS for the most thorough technical analysis. EFF Cover Your Tracks for a user-friendly privacy audit. Use both together — they catch different issues. For headless-browser detection specifically, add bot.sannysoft.com to the rotation.

What does it mean if my fingerprint is unique?

Websites can identify you across sessions even without cookies. AmIUnique shows the percentage of users sharing your fingerprint — typical result is <0.01% (unique among 1M users). For privacy, less unique is better; for security/fraud detection, more unique is better. Antidetect browsers aim for 'common-looking' fingerprints that blend in.

How often should I retest my fingerprint?

After any browser update (rendering can change), after installing new fonts or extensions (changes the font list), after switching to a new device, and periodically as fingerprinting tools evolve (CreepJS adds new checks regularly). For antidetect users: before each new profile deployment.

Does using a VPN change my fingerprint test results?

Only the IP geolocation portion. Browser-level signals (canvas, WebGL, fonts, audio) are unchanged by a VPN. CreepJS checks consistency between timezone and IP — if you VPN to Germany but your timezone says New York, that's an inconsistency flag.

What if my fingerprint hash changes every test?

Either (1) you have an anti-fingerprinting tool that randomizes per-page (Brave shields, CanvasBlocker), which produces an obvious bot signal to anti-bot services, or (2) you're testing in different conditions each time. For antidetect setups, your hash should be STABLE across reloads — randomization is itself detection-bait.

Can I test my fingerprint programmatically?

Yes — self-host CreepJS or another open-source tester, then hit it with Playwright/Puppeteer and parse the DOM for the relevant scores. For commercial reliability, FingerprintJS Pro offers an API that returns a Visitor ID you can compare across profiles programmatically. Useful for CI validation of antidetect setups.

Should I worry about being identifiable?

Depends on your threat model. For general web browsing, fingerprint uniqueness mostly matters for ad targeting (mild concern) and login fraud detection (helpful). For scrapers and multi-account operations, identifiable fingerprints get you flagged and banned. For privacy advocates, less unique is always better.

What's the most identifying signal in a typical fingerprint?

Canvas hash and WebGL renderer string. Canvas combines OS + browser + GPU + driver into a single hash — usually 95%+ unique. WebGL exposes GPU model directly, also highly unique. Audio context fingerprint is third most identifying. Spoofing only one of these without the others fails consistency checks.

How to Verify Your Browser Fingerprint (2026 Tools)

Alex R.

Mon May 11 2026

Quick verdict: Five free tools cover different angles of fingerprint verification: CreepJS for the most thorough technical analysis, EFF Cover Your Tracks for user-friendly privacy audit, FingerprintJS demo to see what commercial trackers see, AmIUnique for uniqueness ranking against a research database, and SannySoft specifically for headless-browser detection. Use them all when validating an antidetect setup — each catches different issues.

Why Verify?

Three use cases for fingerprint testing:

Privacy audit: understand what websites can see about you
Antidetect setup validation: confirm your spoof works before deploying
Anti-bot bypass research: identify the signals that flag your scraper

No single tool covers all three. Combining them gives the complete picture.

1. CreepJS (Most Thorough)

URL: abrahamjuliot.github.io/creepjs

Strength: Detects anti-fingerprinting tools themselves — flags inconsistent or patched signals. Best for validating antidetect browser setups.

Key outputs:

Trust Score (target: 85%+ for antidetect, 95%+ for normal browsing)
Lies Detected count (target: 0)
Per-signal breakdown (canvas, WebGL, audio, fonts, ...)
Fingerprint hash (check reload consistency)

Best for: Antidetect browser users, anti-bot researchers. Full CreepJS guide.

2. EFF Cover Your Tracks

URL: coveryourtracks.eff.org (formerly Panopticlick)

Strength: User-friendly. Tells you in plain English how unique your fingerprint is and what your biggest privacy issues are. Maintained by the EFF.

Key outputs:

Tracking protection score (Strong / Some / Limited)
Bits of identifying information (~17+ usually = uniquely identifiable)
Specific list of what trackers can see
Recommendations to improve

Best for: Non-technical privacy audit. Sharing with team members or clients to make the case for privacy tooling.

3. FingerprintJS Demo

URL: fingerprint.com

Strength: Shows the EXACT fingerprint that the largest commercial fingerprinting library produces. If FingerprintJS Pro identifies you as the same user across visits/incognito/VPN changes, sites using FingerprintJS will too.

Key outputs:

Your Visitor ID (the persistent identifier)
Confidence score
Per-visit detection (incognito, VPN, etc.)

Best for: Testing whether your antidetect setup defeats commercial fingerprinting. If FingerprintJS still recognizes you across two profiles, your spoof is incomplete.

4. AmIUnique

URL: amiunique.org

Strength: Compares your fingerprint to a research database of 1M+ browsers. Tells you what percentage of users share each of your signals.

Key outputs:

Overall uniqueness (typically <0.01%, meaning unique among the dataset)
Per-signal uniqueness percentages (which signals make you most identifiable)
Comparison to typical Windows/macOS/Linux baselines

Best for: Understanding which specific signals contribute most to your uniqueness. If your canvas hash is 99.99% unique, that is your top fix.

5. SannySoft Bot Test

URL: bot.sannysoft.com

Strength: Specifically tests for headless-browser and bot tells. Tests 50+ properties commonly used by anti-bot services to identify automation.

Key outputs:

Pass/fail for each detection check
navigator.webdriver status
Plugin/MIME emptiness check
Permissions API behavior
Chrome runtime check

Best for: Validating Playwright/Puppeteer stealth setups. If SannySoft passes all checks, your headless browser will pass most anti-bot WAFs at the basic-detection level.

Verification Workflow for Antidetect Browsers

Before deploying a profile to production:

SannySoft — confirms no obvious headless tells
CreepJS — confirms signals are consistent (no lies detected) and Trust Score > 85%
Reload CreepJS — confirms fingerprint hash is identical across reloads (stability)
FingerprintJS demo — confirms commercial tools cannot link this profile to your other profiles
AmIUnique — identifies any single signal that is overly unique
EFF Cover Your Tracks — final user-friendly sanity check

For Playwright/Puppeteer setups, add the bot.sannysoft.com check to your CI pipeline — it can catch broken stealth plugins before you deploy.

Time-Based Verification

Single-point-in-time testing misses one big category: PERSISTENCE. A real user has the SAME fingerprint today and next week. An over-randomized spoof produces different fingerprints on each session.

Test for persistence: visit CreepJS now and tomorrow, with the same antidetect profile. The fingerprint hash should be identical. If it changes, your spoof is randomizing too aggressively.

Test With Your Real Proxies

Run all tests through the SAME proxy your scraper will use. The IP geolocation gets compared to timezone, language, and locale. A US English-language browser claiming America/Los_Angeles routing through a German IP → flagged by services that cross-check.

For proper validation: antidetect browser + matching country proxy. LTE Mobile proxies with city-level targeting let you match the IP location to the spoofed timezone exactly.

Automating Verification

For scaled antidetect operations (50+ profiles), manual testing is impractical. Options:

Self-host CreepJS via the GitHub repo, hit programmatically with Playwright, parse the DOM for the Trust Score and Lies count.
Use FingerprintJS Pro API ($, but generates programmatic visitor IDs you can compare across profiles).
Internal sentinel page — build a single-page app that runs all the key checks, deploys to your test environment, gets hit by each profile.