ShieldLabs is an anonymous visitor identification and traffic quality platform. It analyzes device, browser, IP, and network signals, detecting mismatches between them to identify anonymous visitors and assign a real-time explainable risk score to every visit, as well as detect abuse patterns across your traffic.

What is ShieldLabs used for?

ShieldLabs is used to identify anonymous visitors, assess traffic quality, and detect abuse activity such as multi-accounting, fake account creation, account takeover, free trial abuse, bonus abuse, ban evasion, referral fraud, account sharing, coupon abuse, subscription abuse, giveaway fraud, voting manipulation, and survey fraud.

Who is ShieldLabs for?

ShieldLabs is best for startups, small-to-mid-sized businesses, and digital platforms with medium to high traffic volume that need a cost-effective anonymous visitor identification solution. Built for product, fraud, and growth teams at SaaS platforms, fintech, iGaming, e-commerce, Web3, media and streaming, travel, and technology platforms - any business dealing with anonymous traffic and abuse.

How accurate is ShieldLabs?

ShieldLabs detects anonymized connections and environment spoofing with up to 99% accuracy through multi-layer analysis.

How is ShieldLabs different from traditional abuse prevention platforms?

ShieldLabs delivers the same level of visitor identification and abuse detection used by platforms like Google and X / Twitter — with transparent per-request pricing, self-serve integration in 5 minutes, and an explainable risk score. No "Contact Sales," no enterprise contracts.

Can a visitor be recognized when IP changes?

Yes. ShieldLabs generates a persistent visitor ID. This identifier remains stable across sessions even when the visitor changes IP, clears cookies, switches to incognito mode, or creates a new account.

What is a persistent visitor ID?

A persistent visitor ID is a stable identifier assigned to each visitor. Unlike cookies or IP addresses, it survives IP rotation, cookie clearing, incognito mode, and account changes - allowing real-time recognition of returning visitors regardless of how they try to hide.

What is browser fingerprinting?

Browser fingerprinting is a technique for identifying website visitors by collecting unique browser signals such as browser version, preferred language, screen resolution, installed fonts, and graphics rendering. These signals are combined to generate a unique identifier that recognizes the visitor across sessions — even without cookies.

What is device fingerprinting?

Device fingerprinting identifies a visitor based on hardware and operating system signals such as device type, OS version, memory, processor, and screen parameters. Combined with browser fingerprinting, it produces a more stable and accurate identification.

How does device fingerprinting differ from browser fingerprinting?

Browser fingerprinting collects signals from the browser — version, language, plugins, screen resolution. Device fingerprinting collects signals from the hardware and operating system — device type, OS, memory, processor. ShieldLabs combines both to generate a persistent visitor ID with higher accuracy than either method alone.

Does ShieldLabs do device fingerprinting or browser fingerprinting?

Both. ShieldLabs analyzes 70+ signals across device, operating system, and browser to generate a persistent visitor ID. It then cross-validates these signals against network and IP data to detect mismatches and expose anonymous visitors.

Is browser fingerprinting safe?

For businesses, browser fingerprinting is used to identify anonymous visitors and distinguish between legitimate users and potentially fraudulent ones. ShieldLabs does not track users across sites and does not collect personally identifiable information during the fingerprinting process. For visitors, the process is invisible and adds no friction to their experience.

Can ShieldLabs detect a visitor in incognito mode or on a VPN?

Yes. Device and browser fingerprinting signals remain consistent even in incognito mode. VPN connections are detected through IP intelligence and cross-layer mismatch analysis. ShieldLabs identifies the visitor in both cases.

What can ShieldLabs detect?

ShieldLabs detects VPN, proxy, TOR, iCloud Private Relay, anti-detect browsers, tampered browsers, anti-fingerprint tools, data center and hosting infrastructure, environment spoofing, device tampering, location spoofing, timezone mismatches, and abuse activity. All detection works in real time.

Does ShieldLabs detect anti-detect browsers?

Yes. Anti-detect browsers are designed to mask device fingerprints and rotate identities. ShieldLabs detects them through cross-layer mismatch analysis, identifying the difference between what the browser claims and what is actually detected.

Can ShieldLabs detect fake accounts and multi-accounting?

Yes. The system builds an identity graph linking visitors, devices, and accounts across sessions. When the same person creates multiple accounts — even using different IPs, browsers, or anti-detect tools — the system connects them through shared device and network characteristics.

Can ShieldLabs detect account takeover?

Yes. When an account is accessed from an unrecognized device, suspicious connection, or unusual location, the system flags it as a potential account takeover.

Can ShieldLabs detect location spoofing?

Yes. The system detects timezone and geolocation mismatches between what the browser reports and what the IP and network reveal — indicating masked or spoofed visitor location.

Does ShieldLabs detect account sharing?

Yes. When multiple devices, locations, and network signatures access the same account, the system flags it as potential account sharing — helping protect subscription value and enforce per-user access.

Risk Score is a numerical assessment of explainable risk for every visit. It is calculated from anonymity indicators, cross-layer mismatches, and network signals. A high score indicates an increased probability of an anonymous or masked visit. Every score includes clear reasons for every contributing factor.

How is Risk Score calculated?

Each detected signal contributes to the final score - VPN detection, proxy connection, OS mismatch between browser and network, timezone conflict, data center IP, and more. Risk score reflects the cumulative risk level and explains each factor.

What is traffic risk level?

Traffic risk level is an overall assessment of anonymity across all your traffic. It shows what percentage of visitors are clean, low risk, medium risk, or high risk - giving you visibility into overall traffic quality.

Does ShieldLabs automatically block users?

No. ShieldLabs provides risk score, scoring reasons, and detailed visitor data. The blocking decision is made by you - either manually or through automated rules you configure.

What is an identity graph?

An identity graph is a map of connections between visitors, devices, and accounts. ShieldLabs builds this graph automatically by linking persistent visitor IDs, device fingerprints, and network signals across all sessions — revealing which accounts are connected and the risk level of each connection.

What are abuse patterns?

Abuse patterns are ready-made detection rules that identify suspicious connections between visitors, devices, and accounts — such as many accounts on one device, changing IDs on one account, or many devices on one account. Each pattern flags potential multi-accounting, account sharing, ban evasion, or coordinated abuse.

What is traffic quality?

Traffic quality is a measure of how much of your traffic comes from real, identifiable visitors versus anonymous, masked, or suspicious traffic. ShieldLabs assigns a risk level to your overall traffic and a risk score to every visitor.

How long does integration take?

Integration takes approximately 5 minutes. Add a code snippet to your site, and the system immediately begins anonymous visitor identification and real-time traffic analysis.

Which frameworks are supported?

ShieldLabs supports JavaScript, Next.js, React, Angular, Vue.js, Preact, and Svelte.

Does ShieldLabs provide API and Webhooks?

Yes. Risk score, visitor IDs, and detailed detection signals are available via API and Webhooks in real time for automation of fraud prevention rules and protection scenarios.

Does ShieldLabs affect real users?

No. The system operates in the background and does not require any additional actions from visitors. No CAPTCHAs, no challenges, no friction.

How does pricing work?

ShieldLabs offers transparent per-request pricing with a free tier. Start free, scale as you grow. No enterprise contracts, no "Contact Sales."

Is there a free plan?

Yes. The free plan includes 5,000 requests for initial traffic quality check and anonymous visitor identification.

How does canvas fingerprinting work?

A script asks the browser to draw a hidden image, usually text over a background, to an off-screen HTML canvas. The browser renders it, and the GPU or software rasterizer, drivers, operating system, and fonts underneath all introduce tiny variations. The script then reads the pixels back and hashes them into a value that stays the same in that browser.

What is a canvas fingerprint?

A canvas fingerprint is the hash produced when a browser renders a hidden canvas image. It reflects the graphics hardware and software underneath rather than any personal data, and it is consistent for one browser over time. Combined with other browser fingerprinting techniques, it helps recognize the same browser on a later visit without a cookie.

How accurate is canvas fingerprinting on its own?

Canvas is moderately accurate but not unique by itself, because many browsers of the same model and version render alike. Its real value comes from combining it with other browser fingerprinting techniques. A single canvas hash narrows the field; the full combination is what reliably tells one browser from another.

Back to blog

June 12, 2026Browser fingerprinting Device intelligence Fraud prevention

What is canvas fingerprinting? How it works and why it is so stable

Pavel NuryieuHead of Research

Canvas fingerprinting: a hidden canvas image rendered slightly differently on three devices, each producing a distinct hash that identifies the device

Last updated on June 15, 2026 · 9 min read

Canvas fingerprinting is used to identify website users and is part of a broader set of browser fingerprinting techniques. A script asks the browser to render text and graphics to an off-screen HTML canvas, then reads the pixels back and hashes them. Because the result depends on the browser along with the GPU, graphics driver, operating system, and installed fonts, two browsers rarely produce the same hash, which makes it a stable way to recognize the same browser again.

Canvas is one of the most asked-about browser fingerprinting techniques, partly because it is easy to demonstrate and partly because it keeps working after cookies are cleared. This guide explains what canvas fingerprinting is, how it works step by step, what it reveals, how unique and stable it is, and where it fits in fraud detection.

Key takeaways

Canvas fingerprinting reads how a browser renders a hidden image and turns the result into a hash. The same browser produces the same hash, a different browser usually does not.
It is stable because it reflects the real browser, graphics hardware, and software underneath, which a user cannot easily change, and it survives cleared cookies and incognito mode.
No single canvas hash is unique on its own. Its value comes from combining it with other browser fingerprinting techniques into one identifier.
For fraud detection, canvas is one signal among many. It helps recognize a returning visitor, and randomized or noise-injected canvas readings are themselves a sign that something is hiding.

How canvas fingerprinting works

Canvas fingerprinting works in three steps, and the whole process runs in the background in milliseconds without any permission prompt. The user never sees the image, because it is drawn off-screen and never displayed.

Draw. A script uses the HTML canvas API to draw text and shapes to a hidden canvas, often a line of text in a specific font over a colored or gradient background.
Render. The browser renders that drawing. The GPU, the graphics driver, the operating system, and the font rasterizer all influence the exact pixels produced, down to the anti-aliasing at the edges of each letter.
Hash. The script reads the pixel data back and runs it through a hash function. The output is a compact value, the canvas fingerprint, that stays the same in that browser and differs in browsers with a different rendering stack.

The detail that makes this work is that the drawing instructions are identical for everyone, so any difference in the output comes from the browser and the device it runs on, not the request. The same instructions sent to a thousand browsers return many different hashes.

Canvas fingerprinting in three steps: a script draws a hidden image, the device renders it with its own GPU and drivers, and the pixels are hashed into a canvas fingerprint

What a canvas fingerprint reveals

A canvas fingerprint does not reveal personal information like a name or location. What it reflects is the combination of browser, hardware, and software that renders graphics:

The GPU and graphics driver, which decide how shapes, gradients, and curves are turned into pixels.
The operating system and its version, which affect font rendering and anti-aliasing.
The installed fonts, since the chosen font, or its fallback when missing, changes the shape of the rendered text.
The browser and its rendering settings, which influence how the canvas instructions are carried out.

None of these is identifying on its own. Many people run the same phone model with the same browser, so they share a similar canvas hash. The point is not that the hash names a person, but that it is consistent for one browser over time and different enough from most others to help tell browsers apart.

Property	Canvas fingerprinting
What it reads	How a browser renders a hidden off-screen image, hashed into a value
Why it differs between browsers	The browser, GPU, graphics driver, operating system, and installed fonts shape the exact pixels
Does it survive clearing cookies?	Yes, it reflects the browser, hardware, and software underneath and survives cleared cookies and incognito mode
Main limitation	Not unique on its own, since browsers of the same model and version render alike, so it works only combined with other browser fingerprinting techniques

How unique and stable is a canvas fingerprint?

A canvas fingerprint is moderately unique and quite stable, which is exactly the combination that makes it useful. On its own it does not single out one browser in a million, but it carries enough distinguishing detail to narrow the field of possible browsers, and it stays the same across sessions because the underlying browser and hardware do not change between visits.

Canvas fingerprinting is also widespread enough to be well studied. It was first documented at scale in 2014, when researchers found it running on thousands of popular websites, and a 2025 measurement found that around 12.7% of the top 20,000 websites used it, with a slightly lower share on less popular sites. It is not a fringe technique; it is a common part of how the modern web recognizes returning browsers.

Stability has limits. A driver update, an operating system upgrade, or a new browser version can shift the hash, so a system that relies on canvas does not expect a permanent exact match. It treats the canvas value as one of several signals and tolerates small changes, which is also why canvas is rarely used alone.

Canvas fingerprinting in fraud detection

Canvas fingerprinting has two very different uses, and they are worth keeping separate. Advertisers and analytics networks use it to track people across sites for profiling, which is the privacy concern attached to the technique. Security and fraud detection use it for the opposite reason: to recognize that a returning browser is the same one, so a service can spot a single actor opening many accounts or coming back after a ban.

For fraud detection, canvas is one contributing signal, not a verdict. It helps link activity to a browser even when the cookies are cleared and the email is new, which is the exact reset that abuse relies on. On its own a canvas hash proves little, but combined with the other techniques in a browser fingerprint and with network signals, it raises or lowers confidence that two visits came from the same place. A defender uses it to inform a risk score the customer's own rules act on.

Can canvas fingerprinting be blocked?

Canvas fingerprinting can be resisted but not cleanly blocked, and the way it is resisted creates its own signal. Privacy browsers and extensions take one of two approaches: they refuse the canvas read, or they add random noise to the pixels so the hash changes on every read. Both reduce tracking, and for a privacy-minded user that is the goal.

For a fraud detection system, those countermeasures are informative rather than defeating. A canvas reading that changes on every single load is not what a normal browser does, so the randomization is itself a flag that something is being hidden. An anti-detect browser tries to present a clean, consistent fake canvas instead, but keeping that fake value consistent with the GPU, the fonts, and the rest of the fingerprint across every visit is hard, and the signals can contradict each other. This is the recurring pattern in fingerprinting: covering a technique tends to leave a different trace.

How ShieldLabs uses canvas fingerprinting

ShieldLabs combines canvas with the other browser and network techniques through one JavaScript snippet, so canvas is never read in isolation. Browser fingerprinting like this is the foundation of a stable device identifier that recognizes a returning visitor after cleared cookies and a rotated IP, and the identifier is derived from the whole combination rather than any single hash.

Each visit returns a risk score from 0 to 100 with the named anonymity signals and the Details behind the score. That includes the anonymity signals and the contradictions that arise when the canvas reading and others are randomized or do not match the rest of the browser and device characteristics. Because the read happens in the background from data the browser already exposes, it adds no friction for a real visitor, and you act on the risk score and named anonymity signals through the API and webhooks while your own rules decide the outcome.

Frequently asked questions

WebGL fingerprinting: a hidden 3D scene rendered by a device's GPU into a distinct hash that identifies the graphics hardware

Browser fingerprinting Device intelligence

What is WebGL fingerprinting? How the GPU gives a device away

WebGL fingerprinting identifies a device by how its GPU renders 3D graphics. How it works, what it reveals, and how it differs from canvas.

Pavel NuryieuHead of ResearchJune 29, 2026

TLS fingerprinting: a client's TLS handshake, its cipher suites and extensions, condensed into a JA3 or JA4 hash that identifies the software behind the connection

Browser fingerprinting Network signals

What is TLS fingerprinting? How JA3 and JA4 identify a client

TLS fingerprinting identifies the software behind a connection from its TLS handshake. How it works, what JA3 and JA4 are, and what it reveals.

Vasil MakarchukChief Technology OfficerJune 29, 2026

Font fingerprinting: the set of fonts installed on a device measured from how text renders, condensed into a value that identifies the device

Browser fingerprinting Device intelligence

What is font fingerprinting? How your installed fonts identify you

Font fingerprinting identifies a device by which fonts are installed, read from how text renders. How it works, what it reveals, and how stable it is.

Pavel NuryieuHead of ResearchJune 29, 2026

How canvas fingerprinting works

What a canvas fingerprint reveals

How unique and stable is a canvas fingerprint?

Canvas fingerprinting in fraud detection

Can canvas fingerprinting be blocked?

How ShieldLabs uses canvas fingerprinting

Frequently asked questions

How does canvas fingerprinting work?

What is a canvas fingerprint?

How accurate is canvas fingerprinting on its own?

Can canvas fingerprinting be blocked?

How does ShieldLabs use canvas fingerprinting?

Related articles

What is WebGL fingerprinting? How the GPU gives a device away

What is TLS fingerprinting? How JA3 and JA4 identify a client

What is font fingerprinting? How your installed fonts identify you