ShieldLabs is an anonymous visitor identification and traffic quality platform. It analyzes device, browser, IP, and network signals, detecting mismatches between them to identify anonymous visitors and assign a real-time explainable risk score to every visit, as well as detect abuse patterns across your traffic.

What is ShieldLabs used for?

ShieldLabs is used to identify anonymous visitors, assess traffic quality, and detect abuse activity such as multi-accounting, fake account creation, account takeover, free trial abuse, bonus abuse, ban evasion, referral fraud, account sharing, coupon abuse, subscription abuse, giveaway fraud, voting manipulation, and survey fraud.

Who is ShieldLabs for?

ShieldLabs is best for startups, small-to-mid-sized businesses, and digital platforms with medium to high traffic volume that need a cost-effective anonymous visitor identification solution. Built for product, fraud, and growth teams at SaaS platforms, fintech, iGaming, e-commerce, Web3, media and streaming, travel, and technology platforms - any business dealing with anonymous traffic and abuse.

How accurate is ShieldLabs?

ShieldLabs detects anonymized connections and environment spoofing with up to 99% accuracy through multi-layer analysis.

How is ShieldLabs different from traditional abuse prevention platforms?

ShieldLabs delivers the same level of visitor identification and abuse detection used by platforms like Google and X / Twitter — with transparent per-request pricing, self-serve integration in 5 minutes, and an explainable risk score. No "Contact Sales," no enterprise contracts.

Can a visitor be recognized when IP changes?

Yes. ShieldLabs generates a persistent visitor ID. This identifier remains stable across sessions even when the visitor changes IP, clears cookies, switches to incognito mode, or creates a new account.

What is a persistent visitor ID?

A persistent visitor ID is a stable identifier assigned to each visitor. Unlike cookies or IP addresses, it survives IP rotation, cookie clearing, incognito mode, and account changes - allowing real-time recognition of returning visitors regardless of how they try to hide.

What is browser fingerprinting?

Browser fingerprinting is a technique for identifying website visitors by collecting unique browser signals such as browser version, preferred language, screen resolution, installed fonts, and graphics rendering. These signals are combined to generate a unique identifier that recognizes the visitor across sessions — even without cookies.

What is device fingerprinting?

Device fingerprinting identifies a visitor based on hardware and operating system signals such as device type, OS version, memory, processor, and screen parameters. Combined with browser fingerprinting, it produces a more stable and accurate identification.

How does device fingerprinting differ from browser fingerprinting?

Browser fingerprinting collects signals from the browser — version, language, plugins, screen resolution. Device fingerprinting collects signals from the hardware and operating system — device type, OS, memory, processor. ShieldLabs combines both to generate a persistent visitor ID with higher accuracy than either method alone.

Does ShieldLabs do device fingerprinting or browser fingerprinting?

Both. ShieldLabs analyzes 70+ signals across device, operating system, and browser to generate a persistent visitor ID. It then cross-validates these signals against network and IP data to detect mismatches and expose anonymous visitors.

Is browser fingerprinting safe?

For businesses, browser fingerprinting is used to identify anonymous visitors and distinguish between legitimate users and potentially fraudulent ones. ShieldLabs does not track users across sites and does not collect personally identifiable information during the fingerprinting process. For visitors, the process is invisible and adds no friction to their experience.

Can ShieldLabs detect a visitor in incognito mode or on a VPN?

Yes. Device and browser fingerprinting signals remain consistent even in incognito mode. VPN connections are detected through IP intelligence and cross-layer mismatch analysis. ShieldLabs identifies the visitor in both cases.

What can ShieldLabs detect?

ShieldLabs detects VPN, proxy, TOR, iCloud Private Relay, anti-detect browsers, tampered browsers, anti-fingerprint tools, data center and hosting infrastructure, environment spoofing, device tampering, location spoofing, timezone mismatches, and abuse activity. All detection works in real time.

Does ShieldLabs detect anti-detect browsers?

Yes. Anti-detect browsers are designed to mask device fingerprints and rotate identities. ShieldLabs detects them through cross-layer mismatch analysis, identifying the difference between what the browser claims and what is actually detected.

Can ShieldLabs detect fake accounts and multi-accounting?

Yes. The system builds an identity graph linking visitors, devices, and accounts across sessions. When the same person creates multiple accounts — even using different IPs, browsers, or anti-detect tools — the system connects them through shared device and network characteristics.

Can ShieldLabs detect account takeover?

Yes. When an account is accessed from an unrecognized device, suspicious connection, or unusual location, the system flags it as a potential account takeover.

Can ShieldLabs detect location spoofing?

Yes. The system detects timezone and geolocation mismatches between what the browser reports and what the IP and network reveal — indicating masked or spoofed visitor location.

Does ShieldLabs detect account sharing?

Yes. When multiple devices, locations, and network signatures access the same account, the system flags it as potential account sharing — helping protect subscription value and enforce per-user access.

Risk Score is a numerical assessment of explainable risk for every visit. It is calculated from anonymity indicators, cross-layer mismatches, and network signals. A high score indicates an increased probability of an anonymous or masked visit. Every score includes clear reasons for every contributing factor.

How is Risk Score calculated?

Each detected signal contributes to the final score - VPN detection, proxy connection, OS mismatch between browser and network, timezone conflict, data center IP, and more. Risk score reflects the cumulative risk level and explains each factor.

What is traffic risk level?

Traffic risk level is an overall assessment of anonymity across all your traffic. It shows what percentage of visitors are clean, low risk, medium risk, or high risk - giving you visibility into overall traffic quality.

Does ShieldLabs automatically block users?

No. ShieldLabs provides risk score, scoring reasons, and detailed visitor data. The blocking decision is made by you - either manually or through automated rules you configure.

What is an identity graph?

An identity graph is a map of connections between visitors, devices, and accounts. ShieldLabs builds this graph automatically by linking persistent visitor IDs, device fingerprints, and network signals across all sessions — revealing which accounts are connected and the risk level of each connection.

What are abuse patterns?

Abuse patterns are ready-made detection rules that identify suspicious connections between visitors, devices, and accounts — such as many accounts on one device, changing IDs on one account, or many devices on one account. Each pattern flags potential multi-accounting, account sharing, ban evasion, or coordinated abuse.

What is traffic quality?

Traffic quality is a measure of how much of your traffic comes from real, identifiable visitors versus anonymous, masked, or suspicious traffic. ShieldLabs assigns a risk level to your overall traffic and a risk score to every visitor.

How long does integration take?

Integration takes approximately 5 minutes. Add a code snippet to your site, and the system immediately begins anonymous visitor identification and real-time traffic analysis.

Which frameworks are supported?

ShieldLabs supports JavaScript, Next.js, React, Angular, Vue.js, Preact, and Svelte.

Does ShieldLabs provide API and Webhooks?

Yes. Risk score, visitor IDs, and detailed detection signals are available via API and Webhooks in real time for automation of fraud prevention rules and protection scenarios.

Does ShieldLabs affect real users?

No. The system operates in the background and does not require any additional actions from visitors. No CAPTCHAs, no challenges, no friction.

How does pricing work?

ShieldLabs offers transparent per-request pricing with a free tier. Start free, scale as you grow. No enterprise contracts, no "Contact Sales."

Is there a free plan?

Yes. The free plan includes 5,000 requests for initial traffic quality check and anonymous visitor identification.

How does browser audio fingerprinting work?

A script uses the Web Audio API to generate a tone, usually with an oscillator, and passes it through processing nodes such as a compressor. The device's audio stack and processor shape the result in tiny ways. The script then reads the processed waveform back and hashes it into a value that stays the same on that device.

Does audio fingerprinting need microphone permission?

No. Browser audio fingerprinting does not use the microphone and asks for no permission. It generates and processes the signal entirely inside the browser using the Web Audio API, and nothing is recorded or played out loud, which is part of why the technique runs silently in the background.

How does ShieldLabs use audio fingerprinting?

ShieldLabs reads audio as one of many techniques, never alone. It adds distinguishing detail to a persistent device identifier and feeds a risk score from 0 to 100 with the signals behind it, including contradictions that appear when a reading is faked or randomized. Your own rules decide the outcome, and the free tier covers your first 5,000 identifications.

Back to blog

June 29, 2026Browser fingerprinting Device intelligence Fraud prevention

What is audio fingerprinting? The browser technique, explained

Pavel NuryieuHead of Research

Browser audio fingerprinting: a silent waveform processed by a device's audio stack into a distinct value that identifies the device

Last updated on June 29, 2026 · 8 min read

Audio fingerprinting, in the browser sense, is a technique that identifies a device by how it processes a sound signal. A script uses the Web Audio API to generate a tone, runs it through the device's audio stack, and measures the output. Tiny differences in the hardware and software produce a stable value that differs between devices, all without playing anything out loud or asking permission.

This is a different thing from the acoustic or music fingerprinting that powers song-recognition apps, which listens to real sound to match a recording against a library. Browser audio fingerprinting never listens to anything. It generates a signal internally and reads how the device renders it. This distinction is the first thing worth getting straight, because the two share a name and almost nothing else. This guide covers the browser technique: how it works, what it reveals, and where it fits in fraud detection. It is one of the browser fingerprinting techniques a site reads together.

Key takeaways

Browser audio fingerprinting uses the Web Audio API to generate and process a signal internally, then reads the result. It does not record or listen to any real sound.
It is stable because the output reflects the real audio hardware and software stack, which does not change between visits, and it works with no permission prompt.
It is not the same as acoustic or music fingerprinting, which matches recorded sound against a database. The two only share a name.
For fraud detection, audio is one signal among many in a device fingerprint, useful for recognizing a returning device rather than identifying a person.

Audio fingerprinting vs music recognition

The term audio fingerprinting covers two unrelated techniques, and search results mix them, so it is worth separating them first.

Music or acoustic fingerprinting listens to real audio, a song playing nearby, and condenses it into a signature that is matched against a database. This is what apps like song-recognition tools use, and it is built to survive noise and compression.
Browser audio fingerprinting never listens to anything. A script generates a signal inside the browser, processes it through the device's audio stack, and reads how that specific device rendered it. The goal is not to recognize a sound but to recognize a device.

The rest of this guide is about the second one, the browser technique used for device recognition and fraud detection.

How browser audio fingerprinting works

Browser audio fingerprinting works by asking the device to process a known signal and then measuring the exact result. It runs silently in the background and needs no permission, because it never accesses a microphone.

Generate. A script uses the Web Audio API to create a sound signal, typically with an oscillator that produces a steady tone. The audio is never sent to the speakers.
Process. The signal is passed through audio nodes, such as a compressor, that transform it. The exact math depends on the device's audio stack, its processor, and the browser's audio implementation.
Read and hash. The script reads the processed waveform back as numbers and condenses them into a value. Because each device processes the signal slightly differently, the value is consistent on that device and differs on others.

The reason it works is the same as for the other rendering techniques: the instructions are identical for everyone, so any variation in the output comes from the device rather than the request.

How browser audio fingerprinting works: an oscillator generates a signal, the device's audio stack processes it, and the output is read and hashed into an audio fingerprint

What an audio fingerprint reveals

An audio fingerprint does not reveal sound, speech, or personal data. It reflects the parts of the device that shape how the signal is processed:

The audio stack and processor, which perform the floating-point math on the waveform.
The browser's audio implementation, since different browsers and versions process the signal in slightly different ways.
The operating system and platform, which influence the audio pipeline underneath.

None of this names a person, and many devices of the same model and browser share a similar audio value. Its use is comparative: it adds distinguishing detail to a device fingerprint and stays consistent for one device over time.

Property	Browser audio fingerprinting
What it reads	How a device processes a signal generated internally with the Web Audio API, read back and condensed into a value
Why it differs between devices	The audio stack and processor, the browser's audio implementation, and the operating system shape the processed waveform
Does it survive clearing cookies?	Yes, the audio stack does not change between sessions, so it survives cleared cookies and incognito mode
Main limitation	Only moderately distinctive, since values cluster heavily by device model and browser, so it adds distinguishing detail rather than standing alone

How unique and stable is an audio fingerprint?

An audio fingerprint is fairly stable but only moderately distinctive, which is why it is used as a contributing signal rather than an identifier on its own. The output stays the same across visits because the audio stack does not change between sessions, and it survives cleared cookies and incognito mode the same way the other rendering techniques do.

Where it is weaker is uniqueness. Audio values cluster heavily by device model and browser, so on their own they separate far fewer devices than a full fingerprint can. Audio fingerprinting was first documented at scale in a 2016 measurement of the top million sites, when researchers found scripts using the Web Audio API to fingerprint visitors. Since then it has been a steady, if minor, member of the fingerprinting toolkit, valuable mostly for the distinguishing detail it adds rather than for any standalone power.

Audio fingerprinting in fraud detection

For fraud detection, an audio fingerprint is one of the signals that helps recognize a returning device. It cannot prove who someone is, but combined with the other techniques in a browser fingerprint, it raises or lowers confidence that two visits came from the same device, even after the cookies are cleared and the email is new.

Its role is small but real. Because it reflects the audio stack rather than anything the user can edit, it is hard to fake on its own, and a value that disagrees with the rest of the fingerprint, or that changes on every read, is a hint that something is being hidden. A defender treats it as one input to a risk score, not as a verdict.

Can audio fingerprinting be blocked?

Audio fingerprinting can be resisted but not cleanly blocked. Privacy browsers and extensions add small amounts of noise to the audio output, so the value changes on each read, or they block the scripts that perform the read. Firefox offers an anti-fingerprinting mode that covers audio among other surfaces.

For a fraud detection system, the countermeasure tends to leave a trace of its own. An audio value that is randomized on every single read is not what an ordinary device produces, so the randomization itself becomes a signal. As with the rest of fingerprinting, covering one technique cleanly while keeping the whole picture consistent is the hard part.

How ShieldLabs uses audio fingerprinting

ShieldLabs reads audio as one of many techniques in a single fingerprint, never on its own. It contributes a little distinguishing detail to a stable device identifier that recognizes a returning visitor after cleared cookies and a rotated IP, derived from the whole combination rather than any single value.

Each visit returns a risk score from 0 to 100 with the named signals behind it, including the anonymity signals and the contradictions that surface when an audio reading is randomized or does not fit the rest of the device. Because the read happens in the background from data the browser already exposes, it adds no friction for a real visitor, and you act on the score through the API and webhooks while your own rules decide the outcome.

Frequently asked questions

WebGL fingerprinting: a hidden 3D scene rendered by a device's GPU into a distinct hash that identifies the graphics hardware

Browser fingerprinting Device intelligence

What is WebGL fingerprinting? How the GPU gives a device away

WebGL fingerprinting identifies a device by how its GPU renders 3D graphics. How it works, what it reveals, and how it differs from canvas.

Pavel NuryieuHead of ResearchJune 29, 2026

TLS fingerprinting: a client's TLS handshake, its cipher suites and extensions, condensed into a JA3 or JA4 hash that identifies the software behind the connection

Browser fingerprinting Network signals

What is TLS fingerprinting? How JA3 and JA4 identify a client

TLS fingerprinting identifies the software behind a connection from its TLS handshake. How it works, what JA3 and JA4 are, and what it reveals.

Vasil MakarchukChief Technology OfficerJune 29, 2026

Font fingerprinting: the set of fonts installed on a device measured from how text renders, condensed into a value that identifies the device

Browser fingerprinting Device intelligence

What is font fingerprinting? How your installed fonts identify you

Font fingerprinting identifies a device by which fonts are installed, read from how text renders. How it works, what it reveals, and how stable it is.

Pavel NuryieuHead of ResearchJune 29, 2026

Audio fingerprinting vs music recognition

How browser audio fingerprinting works

What an audio fingerprint reveals

How unique and stable is an audio fingerprint?

Audio fingerprinting in fraud detection

Can audio fingerprinting be blocked?

How ShieldLabs uses audio fingerprinting

Frequently asked questions

How does browser audio fingerprinting work?

Is audio fingerprinting the same as music recognition?

Does audio fingerprinting need microphone permission?

Can audio fingerprinting be blocked?

How does ShieldLabs use audio fingerprinting?

Related articles

What is WebGL fingerprinting? How the GPU gives a device away

What is TLS fingerprinting? How JA3 and JA4 identify a client

What is font fingerprinting? How your installed fonts identify you