Explained
Browser fingerprinting collects a basket of attributes from your browser and turns them into a stable identifier. Even without cookies, the combination of User-Agent, language, time zone, screen resolution, installed fonts, canvas rendering hash, WebGL renderer string, audio context fingerprint, and dozens of other signals is unique enough to identify a single browser across sessions with surprising accuracy.
The two big categories are passive and active fingerprinting. Passive fingerprinting reads attributes the browser exposes implicitly: User-Agent, Accept-Language, sec-ch-ua client hints. Active fingerprinting runs JavaScript that probes the browser's rendering engine, audio engine, GPU, and timing characteristics, then computes a hash.
For scraping and automation, fingerprinting matters because IP rotation alone isn't enough. If you rotate through 10,000 residential IPs but every request carries the same canvas fingerprint and same Playwright-default User-Agent, the destination can correlate all 10,000 requests to the same scraper instance. Modern anti-bot systems (Cloudflare, Akamai, PerimeterX, Datadome) all use fingerprinting heavily alongside IP analysis.
How It Works
When your browser loads a page with fingerprinting code, the script enumerates browser properties (UA, language, plugins, screen, time zone), draws a hidden canvas with specific text and gradients then reads back the rendered pixels (canvas fingerprint), creates a WebGL context and reads the GPU vendor and renderer strings (WebGL fingerprint), generates a tone with the audio API and reads the spectrum (audio fingerprint), and times specific operations (math.tan, performance.now drift) for hardware signals.
All those values get hashed into a fingerprint ID and sent back to the server. Because the combination of even a dozen of these attributes is highly unique, the resulting ID stably identifies the browser across cleared cookies, new sessions, and different IPs.