Live Demo

This is what every website sees about you.

Without asking. Without a cookie banner. Without you clicking anything. Every one of the panels below was filled in by your own browser, silently, the moment this page loaded — exactly the way a Meta Pixel or Google tracker would do it.

We are not recording any of this. Every value below is computed in your browser and never sent to our server. No analytics event, no Matomo hit, no logging. Open DevTools → Network and verify.

Your browser fingerprint

Computing a composite hash from the signals below…

Hash:

Studies (Panopticlick, AmIUnique) find that >80% of browsers are unique across the web based on these signals alone. Combined with your IP address and browsing history, you are trivially identifiable without a single cookie.

Your device

Screen resolution
Viewport
Pixel density
Colour depth
CPU cores
Device memory
Touch support
Battery

Your software

Operating system
Browser
Rendering engine
Languages
Installed plugins
User-Agent string

Your location & network

Timezone
UTC offset
Your local time
Locale
Connection type
"Do Not Track" signal

Your graphics & fingerprint

GPU (WebGL renderer)
Canvas fingerprint
Audio fingerprint
Detected fonts (sample)

Your storage & referral

Cookies enabled
localStorage
sessionStorage
IndexedDB
Previous page (referrer)
Sample: a typical commercial site

The cookies a typical site sets on you.

Below is a representative cookie jar captured from a mainstream retail homepage — a mid-sized e-commerce site running the normal stack of analytics, advertising and session tools. The site name is redacted; every cookie name, domain, expiry and value format is real and taken directly from a live page load.

23 cookies set on [redacted-retailer].com after one page view ~6.4 KB
First-party (site's own domain, usually still feeds a third party) Third-party (set directly by a tracker's domain)

What actually just happened

Of the 23 cookies above, one — the cart_session at the bottom — exists to make the website work. The other 22 exist to identify you to advertising, analytics and session-replay networks. One page view; a dozen different companies now know you stopped by.

Many of the worst are first-party by domain (_ga, _fbp, _hjSessionUser_*, _gcl_au, _clck). Browsers trust them more because they match the site's own domain — but the IDs inside them are harvested by Google, Meta, Hotjar and Microsoft through the scripts the site embeds. First-party in name only.

Those IDs typically last 3–24 months. Every time you visit any other site running the same tag, the same ID is attached to the visit and appended to the profile. That is how "you looked at running shoes once" becomes running-shoe ads following you across news sites, recipe blogs and YouTube for a month.

Verify on a real site:
  1. Open a private/incognito window so your existing cookies don't pollute the test.
  2. Visit almost any commercial news, retail or recipe site for the first time.
  3. Open devtools (F12) → Application tab (Chrome/Edge) or Storage tab (Firefox) → Cookies.
  4. Every domain in the list other than the one in your address bar is a third party. Count them.
Behavioural tracking

… and this is what session recorders capture.

Hotjar, Microsoft Clarity, FullStory and Mouseflow record exactly this — mouse movements, clicks, scrolls, and often form inputs — then ship the replay to their servers. Move your cursor around the box below to see your last 5 seconds of activity.

Mouse path
Click
Idle pause
Movements: 0 Clicks: 0 Scroll depth: 0% Time on page: 0s

Again, we are not saving any of this. It's drawn to a canvas that exists only in your tab, and it disappears the moment you leave. A real session recorder would be uploading this to a vendor server right now.

What this means

Why “anonymous” isn't.

Fingerprints are stickier than cookies

You can delete cookies. You can't change your GPU, your fonts, your CPU count, your screen, or your timezone with a button. The signals above identify your browser even after you clear everything.

One site is every site

The Meta Pixel on a skincare shop is the same Meta Pixel on a news site, a recipe blog, and a symptom checker. Your fingerprint links the visits into a single timeline attached to one persistent ID.

Search = identity

Logged-in Google searches are tied to your Google account. "Anonymous" search interests are fed into the same ad-targeting profile used across ~2 million sites in the Google Display Network.

EU courts agree

The Schrems II ruling, the German Google Fonts case, and multiple DPA findings treat browser fingerprints + IP as personal data under GDPR. Consent banners don't fix this.

Don't take our word for it

Independent tools that test the same thing

We built this demo in your browser with no server calls. If you'd like to see bigger, academic datasets comparing your fingerprint against millions of others, these are the best public tools:

EFF — Cover Your Tracks

The Electronic Frontier Foundation's tool (successor to Panopticlick). Tests whether trackers can identify your browser even with ad-blockers installed.

AmIUnique.org

INRIA academic research project. Compares your fingerprint against a corpus of ~1M browsers and tells you exactly how unique you are.

BrowserLeaks

Deep technical leak tests: WebRTC local-IP exposure, canvas, WebGL, font enumeration, SSL fingerprints, and more.

PrivacyTests.org

Side-by-side comparison of the privacy protections in every major browser. Useful when choosing what to actually browse with.

Now imagine this running on every site a customer visits.

That's the web most ethical brands quietly participate in. It doesn't have to be. Read the full write-up, or get your own site audited and rebuilt on a genuinely privacy-first stack.

Read the article Get an audit