Privacy Tools

Canvas Fingerprint Test

See the exact image your browser draws behind the scenes — and the hash that makes you trackable without cookies. Every GPU renders it slightly differently.

Live canvas render
Your browser draws this — watch it generate in real time
Client-side only
Click Run Test to draw
What your browser actually draws (320×120 px)
SHA-256 canvas hash
Click Run Test to generate…
Trackability
--
Hash algorithm
SHA-256
Canvas size
320 × 120 px
Render time
--
Nothing leaves your browser
Why the same site sees the same you — every time
Your browser, same device Identical hash
Canvas render A
7f4a2c9e1b8d3f60a5e2…
Reload the page, clear cookies, go incognito — the hash never changes. Your GPU renders the same pixels every time.
Same browser, different device Different hash
Canvas render B
3b8e1f4a7c9d2e605f1b…
Chrome on a MacBook vs Chrome on a Windows PC produce different hashes — the GPU and driver combination is what changes.
Brave browser (protected) Randomised
Noise-injected render
a9c2f7e3d1b8049e6c3d… (changes each load)
Brave adds invisible pixel noise before hashing — making your hash useless for cross-site tracking.
How a canvas fingerprint is built in 5 steps
Runs in <2 seconds · fully invisible
JS draws on canvas
The site's script calls the HTML5 Canvas API — drawing text, shapes, and gradients off-screen without any visible output.
GPU renders pixels
Your GPU processes anti-aliasing and sub-pixel rendering, producing slightly unique output per device and driver version.
PNG data extracted
toDataURL() converts the canvas to a base64 PNG string, capturing every pixel value exactly as your GPU produced it.
Hash is computed
SHA-256 is applied to the PNG string, producing a short, stable fingerprint of your GPU's exact render output.
Hash sent to tracker
The hash is matched against a database, linking you to your previous visits, browsing profile, and inferred identity.
Invisible to you
No popup, no permission request. The canvas is drawn off-screen — you never see it happen and no browser warning is triggered.
Survives everything
Clear cookies, use private browsing, switch VPN, change browser profiles — none of it changes your GPU hash. It is stable for months.
Cross-site tracking
The same hash works on every website that runs the script, allowing your journey across unrelated sites to be stitched together.
Canvas fingerprinting — browser protection status
Browser Canvas FP works? Default protection Opt-in protection Verdict
Brave Randomised On by default Best
Firefox Works Strict mode only RFP mode Good
Chrome Works None Extension needed Exposed
Safari Partial ITP blocks some Partial
Edge Works None Extension needed Exposed
How to block canvas fingerprinting
Switch to Brave browser
Brave injects random noise into every canvas render, breaking the hash without visually changing anything you see. No setup required — it is on by default.
Best — zero effort
Enable Firefox RFP mode
Set privacy.resistFingerprinting = true in about:config. This makes all Firefox users share the same canvas output — your hash becomes identical to millions of others.
Strong — manual setup
CanvasBlocker extension
Available for Firefox and Chrome. Intercepts toDataURL() calls and returns randomised pixel data before the script can hash it, breaking the fingerprint silently.
Good — adds an extension
Use Tor browser
All Tor users share an identical canvas output by design — making individual identification impossible. The trade-off is noticeably slower browsing speed.
Maximum anonymity