Advanced Fingerprint & Leak Detection
How Easily Can You Be Tracked?
51 live signals — audio, canvas, and font fingerprinting, bot detection, and leak checks — run the moment this page loads.
Understanding Every Signal
What each measurement above actually means, why it's measured this way, and whether there's anything you can realistically do about it.
Fingerprinting Surface
Audio Fingerprint Hash & Sample Rate
Your browser is asked to silently render a short, heavily-distorted tone using the Web Audio API — nothing is actually played, it all happens in memory. The exact floating-point output of that rendering depends on your specific audio hardware, drivers, and CPU, so the resulting hash is often unique to your device. The sample rate (almost always 44100Hz) is reported alongside it as supporting context, not as a fingerprinting signal on its own.
Audio Entropy Score & Hardware Variance
This is a heuristic, not a measured population statistic — we don't have access to a database of every possible result to compare you against. Instead, it looks at how many decimal places of genuine precision appeared in the raw audio output. More precision suggests more hardware-specific variance was captured, and therefore more potential to be distinctive.
Canvas Fingerprint Hash & Rendering Anomaly
A hidden HTML5 canvas draws text and shapes using specific colors and font settings, then the resulting image is exported and hashed. Anti-aliasing, sub-pixel rendering, and font smoothing all vary subtly by GPU, operating system, and browser engine — enough that the hash is frequently unique. An "anomaly" simply means the exported image came back unusually small, which typically indicates a privacy extension blocked or spoofed the canvas read.
Fonts Detected & Font Uniqueness Score
We measure the rendered width and height of test text in 20 specific fonts and compare each against generic fallback fonts. If the measurement differs from the fallback, that font is installed on your system. The specific combination of installed fonts — especially less common ones — can narrow down your device, operating system, and sometimes even your region or profession.
Notable Fonts Found
This lists exactly which of the 20 tested fonts were detected as installed. A short list here usually just means a clean, default device install — it isn't a red flag on its own, only one input into the overall uniqueness picture.
ClientRects Hash & Sub-Pixel Rendering Variance
Every browser measures the exact pixel dimensions of rendered text slightly differently, down to fractions of a pixel, due to differences in font hinting and rendering engines. We measure one short string's bounding box and hash the width and height together. It's a quieter signal than canvas or audio fingerprinting, but it costs nothing extra to check and adds a bit more certainty when combined with the others.
Bot & Automation
Webdriver Detected & Automation Signals
Automated browsers controlled by tools like Selenium or Puppeteer set a flag called navigator.webdriver to true, and some leave other traces too, like an empty languages list or a "HeadlessChrome" string in the user agent. None of these alone is conclusive proof, which is why we report a confidence level rather than a flat yes or no — this matters far more to website operators screening for bots than it does to an individual visitor.
Bot Detection Confidence
High confidence means the webdriver flag itself was detected, which is a strong signal. Medium means one or more secondary signals appeared without the flag itself. Low means none of the signals we check for were present — consistent with an ordinary human-operated browser.
Private Browsing Detected & Storage Quota
This is a heuristic based on your browser's reported storage quota — private and incognito sessions typically get a much smaller quota than a normal session, often under 120MB versus several gigabytes. It isn't a guaranteed detection, since the exact threshold varies by browser and changes over time, but it's a reasonably reliable signal in practice.
Ad Blocker Detected
We insert a hidden element using classic ad-related class names like "ad-banner" and "adsbox," then check whether it got hidden. Ad blockers that filter by class name will collapse it to zero size; if nothing intervenes, the element stays at its normal size. This is the same basic technique most ad-blocker-detection scripts use.
Leak & Network Signals
HTTP Headers (Accept-Language, Accept-Encoding, and the full table)
Your own page's JavaScript can't see the headers its own request sent — only the server receiving that request can. This is the one signal on this page that needs a backend round trip rather than running purely in your browser: a small server endpoint reads the real headers and echoes them straight back to you. Accept-Language in particular can reveal your true language preferences even if you've manually changed your browser's display language to mask your region.
IPv6 Connectivity & IPv6 Leak Detected
Some VPNs only tunnel IPv4 traffic, leaving a device's native IPv6 connection exposed and able to bypass the VPN entirely — defeating its purpose without any obvious warning. This check asks our backend to report which IP version your specific request actually arrived over. Worth knowing honestly: this result depends partly on whether the hosting infrastructure between you and our server fully supports IPv6 end to end, so treat "IPv4 Only" as informative rather than a hard guarantee that IPv6 is unavailable to you elsewhere.
Geolocation
Geolocation Permission
This page never asks your browser for a fresh location permission prompt of its own. It only reads real GPS coordinates if you'd already granted location access to this site previously, somewhere else. If the permission state is "prompt" or "unsupported," that's simply reported as-is — we'd rather show an honest gap than push for a permission grant that isn't already there.
GPS Latitude, Longitude & Accuracy Radius
When available, this is your device's actual GPS-reported position, accurate to within the radius shown — typically a few meters on a phone with a clear sky view, much wider indoors or on a laptop with no GPS hardware at all, where it falls back to Wi-Fi or IP-based estimation.
GPS vs IP Location Match
Your IP address resolves to a location based on your ISP's registered infrastructure, which can be a city or more away from where you actually are. Comparing that against your real GPS position, when both are available, is one of the more reliable ways to catch a VPN or proxy in use — a large mismatch between the two is a meaningful signal that your apparent network location isn't your real one.
Environment Signals
Media Queries Tested & Matched
We check your browser's response to 15 specific CSS media features — things like color scheme preference, hover capability, pointer precision, and display mode. None of these need a stylesheet at all; they're tested directly through the same JavaScript API your browser already exposes. The specific combination of which features match can hint at your device type and accessibility settings.
Display Mode, Color Scheme & Reduced Motion Preference
Display mode tells us whether you're viewing this in an ordinary browser tab or as an installed app. Color scheme and reduced motion reflect your operating system's accessibility settings, which sites can use to adapt automatically — and which also feed into the broader fingerprint, since most users never change these from their device's default.
Extensions Detected & Detection Method
This checks for a short list of well-known browser extensions by attempting to load each one's own internal resource files, which only succeeds if that exact extension is installed. It only works in Chromium-based browsers, since the technique relies on a URL scheme specific to that browser family — Firefox and Safari correctly report "not applicable" rather than a fake zero.
Speech Synthesis Voice Count, Hash & Default Voice
Your operating system's installed text-to-speech voices vary by platform, region, and language packs installed, and the exact list is visible to any page without asking permission. We hash the sorted list of voice names into a single fingerprint value, since the precise combination is often distinctive even when individual voices like a default English voice are common.
Audio Input, Output & Video Input Device Counts
The number of microphones, speakers, and cameras connected to your device is visible without requiring camera or microphone permission — only the device names require that. A laptop with a built-in camera and mic typically shows small counts like one of each; a desktop with multiple monitors and audio outputs often shows more.
Math Engine Hash & Consistency
Transcendental math functions like tangent, sine, and logarithm can differ in their very last decimal digits depending on the exact JavaScript engine and CPU architecture running them. We run a small fixed set of these calculations and hash the combined result — a quiet but genuine signal that requires no special permissions and costs almost nothing to check.
What You Can Actually Do About This
A VPN doesn't help here, and that's worth knowing plainly
Every other panel on IntelReap focuses on your network connection — your IP, your ISP, whether a VPN is active. None of that touches what's measured on this page. Audio rendering, canvas drawing, and font lists are properties of your browser and device, not your network path, so they look identical whether you're on your home connection or routed through five different VPN servers. If reducing your fingerprint specifically matters to you, the tools that help are browser-level, not network-level: Firefox's strict tracking protection and resistFingerprinting setting, or privacy-focused browsers like Brave and Tor Browser, which deliberately randomize or normalize many of the signals measured here.
Blocking everything can backfire
It's tempting to assume disabling every fingerprinting surface is automatically safer, but an unusually large number of disabled APIs is itself a distinguishing pattern — very few ordinary visitors have audio, canvas, and WebGL all blocked simultaneously. The browsers that handle this well, like Tor Browser, work by making everyone's fingerprint look the same as everyone else's, rather than making any one visitor's fingerprint look empty.