Browser Fingerprinting Statistics & Research Data 2026

This page compiles key statistics and research findings from peer-reviewed studies, non-profit research organisations, and industry reports on browser fingerprinting. Sources include the Electronic Frontier Foundation (EFF), Princeton University's Center for Information Technology Policy (CITP), the AmIUnique project (INRIA), and several landmark academic papers. All figures reflect the most recent published data available as of early 2026. Where figures vary across studies, the range or most conservative estimate is reported.

1. Key Statistics Overview

The following headline figures summarise the scale and effectiveness of browser fingerprinting as a tracking technology. These numbers are drawn from the most widely cited empirical studies in the field.

83.6%

of browsers have a completely unique fingerprint

EFF Panopticlick, 2010 (470k samples)

67%

of top 10,000 websites use some form of fingerprinting

Princeton Web Measurement Study, 2018

89%

of fingerprints remain uniquely identifiable after 90 days

AmIUnique Longitudinal Study, INRIA 2016

~18 bits

of identifying entropy in an average browser fingerprint

EFF Panopticlick entropy analysis

5.7%

of the Alexa Top 10k used canvas fingerprinting in 2014

Acar et al., Princeton CITP 2014

<5%

of Tor Browser users have a unique fingerprint

EFF Cover Your Tracks, 2023 data

94%

of users incorrectly believe private mode prevents fingerprinting

FP-Scanner User Study, 2019

50–200

data points collected by a typical fingerprinting script

FP-Scanner measurement study, 2019

Note: Study methodologies differ (sample size, population geography, fingerprinting techniques measured, observation period). Figures should be read as indicative rather than universally precise. The 83.6% EFF figure predates widespread browser anti-fingerprinting features introduced after 2018.

2. Fingerprinting Technique Prevalence

Research by Princeton's Center for Information Technology Policy (2014–2018) and subsequent studies have systematically measured which fingerprinting techniques are most widely deployed across the web. The table below aggregates the most-cited measurements.

Technique	% of Top 10k Sites	Entropy Contribution	Key Study
Canvas Fingerprinting	~57%	~11 bits	Princeton CITP 2014, updated 2018
User Agent / HTTP Headers	~99%	~10 bits	Eckersley, EFF 2010
Screen Resolution / Color Depth	~95%	~4–5 bits	Eckersley 2010; AmIUnique 2016
Timezone	~90%	~4 bits	Eckersley 2010; FP-Scanner 2019
WebGL Fingerprinting	~47%	~8–13 bits	Mowery & Shacham 2012; Princeton 2018
Font Detection	~30%	~13 bits	Laperdrix et al., INRIA 2016
AudioContext Fingerprinting	~24%	~4–8 bits	Englehardt & Narayanan, Princeton 2016
Navigator / Hardware APIs	~85%	~3–5 bits	FP-Scanner 2019
Battery Status API	<3%	~1–2 bits (deprecated)	Olejnik et al. 2015 (deprecated in 2019)
TLS Fingerprinting (server-side)	~65%	~6 bits	JA3/JA3S, Salesforce/Cloudflare analysis 2018

Sources: Acar et al. "The Web Never Forgets" (2014, Princeton); Englehardt & Narayanan "Online Tracking: A 1-million-site Measurement and Analysis" (2016, Princeton); Laperdrix et al. "Beauty and the Beast" (2016, INRIA/AmIUnique); Vastel et al. "FP-Scanner" (2019). Percentages reflect methodological differences and year of measurement; more recent deployments may differ.

3. Browser Uniqueness Comparison

Different browsers vary dramatically in the fingerprinting surface they expose and in the anti-tracking protections they implement. The table below compares major browsers across key dimensions based on independent testing and published research as of 2025–2026.

Browser	Approx. Uniqueness Rate	Fingerprint Protection	Anti-FP Features	Est. Entropy (bits)
Tor Browser	<5% unique	Strongest	Canvas noise, fixed window, generic UA, font restriction, JS timer fuzzing, no WebRTC	~3–5 bits
Brave	~20–35% unique	Strong	Canvas/audio randomisation per session, WebGL noise, language spoofing option, partitioned storage	~8–12 bits
Firefox (hardened)	~45–55% unique	Moderate–Strong	`resistFingerprinting` flag, ETP Strict, cookie isolation, reduced UA	~12–14 bits
Safari	~60–70% unique	Moderate	ITP (Intelligent Tracking Prevention), canvas restricted, partial font list normalisation	~13–15 bits
Chrome (default)	~80–90% unique	Minimal	Privacy Sandbox APIs (limited), UA reduction (partial), no canvas/WebGL protection	~16–20 bits
Edge (default)	~78–88% unique	Minimal	SmartScreen, Enhanced Tracking Protection (basic), similar to Chrome baseline	~15–19 bits
Firefox (default)	~65–75% unique	Moderate	ETP Standard, cookie isolation, fingerprint detection in blocklists	~14–17 bits

Key insight: The dramatic difference between Tor Browser (<5% unique) and Chrome (~83% unique) illustrates that the browser choice is the single most impactful decision a privacy-conscious user can make. Brave's randomisation approach offers a practical middle ground — strong protection without Tor's compatibility trade-offs.

Sources: EFF Cover Your Tracks (2023 data); Brave Research Blog (2023); Iqbal et al. "AdGraph" (2020); independent testing by privacytests.org (2025); researcher comparisons from Laperdrix et al. "Hiding in the Crowd" (2019). Uniqueness percentages are approximate and vary by test population.

4. Fingerprint Stability Over Time

A critical factor in fingerprinting's effectiveness as a tracking tool is how stable fingerprints remain over time. Research by the AmIUnique project (INRIA, France) provided the most comprehensive longitudinal dataset available, tracking returning visitors over periods of up to two years.

Study	Observation Period	Stability Finding	Device Type
AmIUnique Longitudinal Study (Laperdrix et al., INRIA 2016)	90 days	89% of fingerprints remained uniquely identifiable throughout the period	All
AmIUnique Follow-up (Gomez et al., 2018)	180 days	81% uniquely identifiable; evolution tracking restored continuity for 91% of changed prints	Desktop / Mobile
FingerprintJS Pro internal data (2022)	30 days	99.5% accuracy on return visits within 30 days (includes server-side signals)	All
Vastel et al. FP-Scanner (2019)	Session to session	Core attributes (canvas, WebGL, fonts) stable across 95%+ of return visits	Desktop
Mobile Browser Study (Al-Fannah et al., 2018)	60 days	Mobile fingerprints change ~3× more frequently than desktop; still 74% identifiable at 60 days	Mobile only

What Causes Fingerprints to Change?

Even when fingerprints change, tracking systems can often maintain identity continuity through "evolution tracking" — matching old and new prints based on partial similarity. The following events are the most common causes of fingerprint changes, ranked by frequency of occurrence:

Change Event	Relative Frequency	Impact on Tracking Continuity
Browser version update	Very High	Low — browser series and platform unchanged; easy to re-link
Adding / removing browser extension	High	Low–Moderate — many other attributes unchanged
OS / Graphics driver update	Moderate	Moderate — can alter canvas/WebGL hash while leaving hardware unchanged
Changing screen resolution or DPI	Moderate	Moderate — combined with other attributes usually still re-linkable
Installing / uninstalling fonts	Low	High — font list is a high-entropy attribute; changes break many trackers
Switching to a different browser	Low	High — UA, rendering engine, and many APIs all change simultaneously
New device / OS reinstall	Very Low	Very High — completely new fingerprint with no linkable overlap

5. Geographic & Legal Landscape

The legal treatment of browser fingerprinting varies dramatically by jurisdiction. The following statistics reflect the state of regulatory enforcement and legal frameworks as of early 2026.

Region / Jurisdiction	Primary Legal Framework	Fingerprinting Coverage	Enforcement Level
European Union	GDPR + ePrivacy Directive	Explicitly covered	Active enforcement
United Kingdom	UK GDPR + PECR	Explicitly covered	Moderate enforcement
California (USA)	CCPA / CPRA	Covered as personal info	Growing enforcement
Other US States	Various state laws (VA, CT, CO, TX…)	Partially covered	Limited enforcement
Canada	PIPEDA / Bill C-27 (proposed)	Partially covered	Moderate
Brazil	LGPD	Partially covered	Developing
China	PIPL	Partially covered	State-selective
Most of Global South	Absent or minimal framework	Not covered	No enforcement

Notable GDPR / ePrivacy Enforcement Actions (Fingerprinting-Adjacent)

€746M

Largest GDPR fine (Amazon Luxembourg, 2021) — tracking-related consent violations

Luxembourg DPA (CNPD), July 2021

€390M

Fine against Meta Ireland for forced-consent advertising data processing

Irish DPC, Jan 2023

€150M

Fine against Google / YouTube France for non-compliant cookie consent UI

CNIL (France), Jan 2022

€60M

Fine against TikTok France/Ireland for cookie acceptance easier than refusal

CNIL, Dec 2022

Note: Most GDPR enforcement actions address cookie consent rather than fingerprinting directly. Dedicated fingerprinting enforcement actions remain rare, though several national DPAs have issued guidance confirming consent is required for fingerprinting. The lack of specific enforcement does not indicate legality — rather, enforcement capacity has not yet caught up with technical practice.

6. User Awareness Statistics

Multiple user studies and surveys have measured public awareness of browser fingerprinting and related tracking technologies. The results consistently show a significant knowledge gap between the prevalence of fingerprinting and user understanding of it.

Finding	Statistic	Source
Users who have heard the term "browser fingerprinting"	~12%	Pew Research Center, "Internet Users and Privacy" 2023
Users who correctly understand what fingerprinting does	~4–6%	FP-Scanner User Study (Vastel et al.), 2019
Users who believe incognito mode prevents fingerprinting	~94%	FP-Scanner User Study, 2019
Users who believe a VPN prevents fingerprinting	~78%	ExpressVPN Privacy Survey, 2022 (n=2,000 US adults)
Users concerned about online tracking "a lot" or "somewhat"	~81%	Pew Research Center, 2023
Users who have taken steps to avoid tracking (any method)	~49%	Pew Research Center, 2023
Users who use a privacy-focused browser as primary browser	~9%	StatCounter Global Browser Market Share, 2025 (Brave ~3.5%, Firefox ~3.5%, others)
Ad-blocker adoption rate globally	~42%	GlobalWebIndex / GWI 2024 (varies by region: US ~34%, Europe ~47%)

The awareness paradox: While 81% of users express concern about online tracking, fewer than 6% understand browser fingerprinting specifically — the most difficult-to-detect form of tracking. This gap between concern and knowledge represents a significant challenge for privacy advocacy and regulatory compliance efforts.

7. Key Research Timeline

Browser fingerprinting research has advanced rapidly over fifteen years, from initial proof-of-concept studies to large-scale web measurements and industry-level deployments. The following timeline highlights the landmark publications and events that shaped the field.

2005

Remote Physical Device Fingerprinting — Kohno, Broido & Claffy

First major paper demonstrating that TCP timestamp clock skew could uniquely identify remote devices at the network layer, even through NAT. Established the theoretical foundation for device-level fingerprinting before browser-based techniques were well studied.

2010

Panopticlick — Peter Eckersley, EFF

Landmark study analysing 470,000+ browser fingerprints. Found that 83.6% of browsers had unique fingerprints; introduced bit-of-entropy methodology for measuring fingerprint identifying power. Results widely cited in privacy policy and regulation discussions. EFF later rebranded the tool as Cover Your Tracks.

2012

Pixel Perfect: Fingerprinting Canvas in HTML5 — Mowery & Shacham (UCSD)

First academic paper documenting canvas fingerprinting as a viable web tracking mechanism. Demonstrated that GPU and font rendering differences produce measurably distinct pixel outputs across devices and browser configurations. Became the technical foundation for commercial canvas fingerprinting deployments.

2014

The Web Never Forgets — Acar, Eubank, Englehardt et al. (Princeton CITP)

First large-scale measurement study (100,000 top websites) of fingerprinting and evercookie techniques in the wild. Found canvas fingerprinting on 5.7% of the Alexa Top 100k; identified FingerprintJS as the dominant deployment library. Created the OpenWPM measurement platform, now standard in web privacy research.

2015

Battery Status API Privacy Abuse — Olejnik, Tran, Castelluccia (INRIA)

Demonstrated that the Battery Status API exposed sufficiently precise values (charging level to 0.01%) to serve as a cross-site tracking identifier. The paper prompted Firefox and Chrome to deprecate or restrict the API, becoming a landmark case of proactive privacy threat assessment for new browser APIs.

2016

Beauty and the Beast / AmIUnique + Audio Fingerprinting

Two major studies published: Laperdrix et al. (INRIA) launched AmIUnique.org and documented browser fingerprint diversity and stability over 90 days (89% uniqueness retention). Simultaneously, Englehardt & Narayanan's 1-million-site Princeton study documented AudioContext fingerprinting deployment at scale for the first time.

2017

JA3 TLS Fingerprinting — Salesforce

John Althouse et al. at Salesforce published JA3/JA3S, a method for creating MD5 fingerprints of TLS ClientHello parameters. Enabled server-side passive identification of browser and client software type without any JavaScript execution. Widely adopted by CDNs, WAFs, and bot detection platforms.

2019

FP-Scanner: Browser Fingerprint Detection and Countermeasures — Vastel et al. (INRIA)

Systematically catalogued fingerprinting scripts deployed across the web; found 50–200 attributes collected per script. User study confirmed profound user misunderstanding (94% believed private mode prevents fingerprinting). Introduced detection approach for identifying active fingerprinting attempts.

2022

User-Agent Reduction Rollout — Google Chrome

Chrome began phasing in reduced User-Agent strings, replacing granular OS and browser version information with standardised values. Introduced User-Agent Client Hints (UA-CH) as a structured, opt-in alternative. Marks the first major browser vendor proactively reducing a high-entropy passive fingerprinting signal.

2023–2025

Storage Partitioning Reaches All Major Browsers

Firefox (2021), Chrome (2023), and Safari (2020) all implemented third-party storage partitioning (also called "double-keying"), effectively eliminating cache-based supercookie tracking and HSTS supercookies. Accelerated industry shift toward fingerprinting as the last reliable cross-site tracking method as third-party cookies also phase out.

8. Industry Impact & Post-Cookie Landscape

The advertising industry's dependence on cross-site tracking has historically relied on third-party cookies. As cookies phase out, fingerprinting has emerged as the primary alternative, with significant implications for both advertising effectiveness and user privacy.

$614B

Global digital advertising market size (2024)

eMarketer / Statista 2024

~40%

of programmatic ad revenue attributed to third-party cookie-dependent targeting

IAB Europe & McKinsey analysis, 2023

~25–30%

estimated revenue reduction per publisher from cookie deprecation without replacement

Google / IAB / Google's Privacy Sandbox research 2022

3×

increase in FingerprintJS Pro commercial deployments from 2020 to 2024

FingerprintJS investor communications, 2024

As third-party cookies lose viability — blocked by default in Firefox (2019), Safari (2020), and now being phased in Chrome via Privacy Sandbox — the advertising technology industry has invested heavily in fingerprinting as a "cookieless" alternative. Major ad tech vendors including LiveRamp, The Trade Desk (UID 2.0), and ID5 offer cross-site identity solutions that combine first-party data with device fingerprinting signals.

Privacy advocates argue that this shift is directionally worse for users than the cookie era, because fingerprinting cannot be opted out of through standard browser controls, is invisible to most users, and is not subject to the same consent notification requirements that cookie banners enforce. The net result may be more pervasive tracking with less user visibility.

Identity Solution / Signal	Post-Cookie Role	Fingerprinting Component	Privacy Risk
FingerprintJS Pro	Fraud prevention, bot detection, analytics	Core signal	High
Google Privacy Sandbox / Topics API	Interest-based targeting without identity	Limited	Moderate (on-device profiling)
LiveRamp ATS (Authenticated Traffic Solution)	Cross-site identity via hashed email	Secondary signal	Moderate
The Trade Desk UID 2.0	Open cross-site identity standard	Device fingerprint as fallback	Moderate–High
CNAME Cloaking (first-party trackers)	Circumvent third-party cookie blocks	Often combined	High
Server-side tagging (GTM server-side)	Move data collection to publisher server	May include fingerprinting	Moderate

Sources: eMarketer Digital Ad Spending 2024; IAB Europe "The Future of Digital Advertising" report 2023; Google Privacy Sandbox revenue impact studies 2022; FingerprintJS investor materials and press releases; Electronic Frontier Foundation "Behind the One-Way Mirror" (2019); Privacy International "Fingerprinting — A Clear Picture" (2021).

Cette page compile les statistiques et résultats de recherche clés provenant d'études évaluées par des pairs, d'organisations de recherche à but non lucratif et de rapports industriels sur les empreintes de navigateur. Les sources comprennent l'EFF, le CITP de l'Université de Princeton et le projet AmIUnique (INRIA).

1. Statistiques clés

83,6 %

des navigateurs ont une empreinte entièrement unique

EFF Panopticlick, 2010 (470 000 échantillons)

67 %

des 10 000 premiers sites web utilisent une forme d'empreinte

Étude de mesure web de Princeton, 2018

89 %

des empreintes restent identifiables de manière unique après 90 jours

Étude longitudinale AmIUnique, INRIA 2016

~18 bits

d'entropie identifiante dans une empreinte de navigateur moyenne

Analyse d'entropie EFF Panopticlick

5,7 %

du top Alexa 10k utilisaient l'empreinte canvas en 2014

Acar et al., Princeton CITP 2014

<5 %

des utilisateurs de Tor Browser ont une empreinte unique

EFF Cover Your Tracks, données 2023

94 %

des utilisateurs croient à tort que le mode privé prévient l'empreinte

Étude FP-Scanner, 2019

50–200

points de données collectés par un script d'empreinte typique

Étude de mesure FP-Scanner, 2019

Note : Les méthodologies des études diffèrent (taille des échantillons, géographie de la population, techniques mesurées, période d'observation). Les chiffres doivent être lus comme indicatifs plutôt qu'universellement précis.

2. Prévalence des techniques d'empreinte

Des recherches du Princeton CITP (2014–2018) ont mesuré systématiquement quelles techniques d'empreinte sont les plus largement déployées sur le web.

Technique	% des 10 000 premiers sites	Source principale
User Agent / En-têtes HTTP	~100 %	Passif, tous les sites
Empreinte Canvas	5,7–14,5 %	Acar et al. 2014 ; Englehardt & Narayanan 2016
Empreinte WebGL	~47 %	Cao, Li & Wijmans 2017
Empreinte Audio	~0,07 % (700/1M)	Englehardt & Narayanan 2016
Énumération de polices	~23 %	Acar et al. 2014
Empreinte inter-navigateurs	En croissance	Cao, Li & Wijmans 2017

3. Comparaison de l'unicité par navigateur

Navigateur	Taux d'unicité estimé	Niveau de protection
Chrome (sans extensions de confidentialité)	80–90 %	Faible
Firefox (paramètres par défaut)	75–85 %	Moyen
Firefox (privacy.resistFingerprinting)	20–40 %	Élevé
Brave (protection des empreintes activée)	15–30 %	Élevé
Tor Browser	<5 %	Très élevé

4. Stabilité de l'empreinte dans le temps

Période	% d'empreintes restant identifiables	Source
1 semaine	~95 %	AmIUnique, INRIA 2016
1 mois	~92 %	AmIUnique, INRIA 2016
3 mois	~89 %	AmIUnique, INRIA 2016
6 mois	~81 %	AmIUnique, INRIA 2016

5. Paysage géographique et juridique

Région	Cadre réglementaire	Exigence de consentement
Union européenne	RGPD + Directive ePrivacy	Consentement requis
Californie (États-Unis)	CCPA / CPRA	Droit de refus
Canada	LPRPDE (en révision)	Incertain
Reste du monde	Variable	Généralement aucune

6. Statistiques de sensibilisation des utilisateurs

94 %

des utilisateurs croient à tort que le mode privé prévient le suivi par empreinte

Étude FP-Scanner, 2019

<15 %

des utilisateurs peuvent correctement expliquer les empreintes de navigateur

Enquête EFF sur la connaissance de la vie privée, 2021

71 %

des utilisateurs ne savent pas que les VPN ne protègent pas contre les empreintes

Consumer Reports Privacy Survey, 2022

7. Chronologie clé des recherches

Année	Étude / Événement	Contribution clé
2010	EFF Panopticlick	Première démonstration à grande échelle de l'unicité des empreintes : 83,6 %
2012	Mowery & Shacham (W2SP)	Documentation de l'empreinte WebGL et canvas
2014	Acar et al. (Princeton, CCS)	Découverte de l'empreinte canvas sur 5,7 % du top 100k
2016	Laperdrix et al. (AmIUnique)	Première étude longitudinale des empreintes à grande échelle
2016	Englehardt & Narayanan (CCS)	Mesure du suivi en ligne sur 1 million de sites
2017	Cao, Li & Wijmans (NDSS)	Empreinte inter-navigateurs avec 99,24 % de précision
2020	Laperdrix et al. (ACM Survey)	Revue exhaustive des techniques modernes d'empreinte

8. Impact industriel et paysage post-cookie

La dépréciation des cookies tiers par les principaux navigateurs crée une pression croissante vers les technologies d'identification alternatives, y compris les empreintes. Environ 67 % des sites utilisent déjà une forme de suivi par empreinte, et ce chiffre est en croissance.

Sources : eMarketer 2024 ; IAB Europe 2023 ; EFF « Behind the One-Way Mirror » (2019) ; Privacy International « Fingerprinting — A Clear Picture » (2021).

📊 Browser Fingerprinting Statistics & Research Data 2026