is_keyless
This field is true if no public key is provided in the "[...]/v2/api.js" script url. Instead, the public key is provided with "setConfig". More information can be found here.
cfp
Canvas fingerprint that's hashed using Java's hashCode method.
WebGL
Collects supported operations by your GPU via the WebGL API. This could, in theory, be used to correlate your canvas fingerprint as described in this paper by Google.
audio_fingerprint
See:
- How the Web Audio API is used for audio fingerprinting
- How We Bypassed Safari 17's Advanced Audio Fingerprinting Protection
wh
Window hash:
- Gets all the objects on the current window and sorts them.
- TODO: Prototype stuff.
- murmurHash3 both with a seed of 420.
- Join with "|".
n
Base64 encoded timestamp.
window__tree_index
These don't work in this environment.
window__tree_structure
TODO
window__ancestor_origins
TODO
browser_object_checks
- Checks for global objects belonging to different browsers.
- Sorts them.
- Joins them with ",".
- md5 hashes them.
See the console for more details.
browser_detection_brave
Detects the Brave browser via the brave global object.
browser_detection_firefox
Checks the User-Agent for "Firefox".
navigator_pdf_viewer_enabled
Checks:navigator.pdfViewerEnabled;
user_agent_data_brands
Checks:navigator.userAgentData.brands;
user_agent_data_mobile
Checks:navigator.userAgentData.mobile;
screen_orientation
Gets the current device screen orientation.
fake_browser
Checks for inconsistencies between the User-Agent and the behavior of the browser state.
headless_browser_generic
Checks the various objects on the document and window related to browser automation frameworks. Including:
hasFakeOS
Checks for inconsistencies with userAgent and platform.
browser_api_checks
Supported browser features
navigator_permissions_hash (replaced by 1f220c9)
NOTICE: Removed as of 2.15.0 and 3.5.0
- Checks which permissions the current page has.
- Joins them with "|".
- md5 hashes them.
1f220c9
- Checks which permissions the current page has.
getPlugins
Browser plugins.
speech_default
Text to speach information.
For the hash:
- Checks voices you have installed.
- Joins them with ",".
- md5 hashes them.
navigator_battery_charging
Checks:(await navigator.getBattery()).charging;
media_devices
Checks which media devices are available.
getAudio
Checks which audio codecs are available. This can be used to detect browser environments that don't support DRM.
NOTICE: "audio_codecs_extended" is no longer included in the payload to reduce payload size.
getVideo
Checks which video codecs are available. This can be used to detect browser environments that don't support DRM.
NOTICE: "video_codecs_extended" is no longer included in the payload to reduce payload size.
supported_math_functions
Checks what Math functions are supported in the current browser.
math_fingerprint
Runs a bunch of math calculations.
This can be used to detect if the enforcement script is being run in a different environment than is claimed by the client. For example, calculating the math like V8 (Chrome) but claiming to be JavaScriptCore (Safari).
1l2l5234ar2
Checks if you have DevTools open or are using Puppeteer.
29s83ih9
Checks for different sandbox environments such as JSDom.
media_query_dark_mode
Queries for dark mode.
matchMedia("(prefers-color-scheme: dark)").matches;
f9bf2db
Checks various CSS media queries shown below:
- "pc" = "prefers-contrast"
- "ah" = "any-hover"
- "ap" = "any-pointer"
- "p" = "pointer"
- "h" = "hover"
- "u" = "update"
- "ic" = "inverted-colors"
- "prm" = "prefers-reduced-motion"
- "prt" = "prefers-reduced-transparency"
- "s" = "scripting"
- "fc" = "forced-colors"
This succeeds css_media_queries.
css_media_queries (replaced by f9bf2db)
NOTICE: Removed as of 3.4.0
-
matchMedia("(prefers-color-scheme:light)"); -
matchMedia("(prefers-color-scheme:dark)");
css_color_gamut
NOTICE: Removed as of 3.4.0
Checks what color gamuts are supported.
-
matchMedia("(color-gamut:rec2020)"); -
matchMedia("(color-gamut:p3)"); -
matchMedia("(color-gamut:srgb)");
css_contrast
NOTICE: Removed as of 3.4.0
Checks user's contrast preference.
-
matchMedia("(prefers-contrast:low)"); -
matchMedia("(prefers-contrast:less)"); -
matchMedia("(prefers-contrast:no-preference)"); -
matchMedia("(prefers-contrast:more)"); -
matchMedia("(prefers-contrast:high)"); -
matchMedia("(prefers-contrast:forced)");
css_monochrome
NOTICE: Removed as of 3.4.0
Checks user's monochrome preference.
css_pointer
NOTICE: Removed as of 3.4.0
-
matchMedia("(any-pointer:1)"); -
matchMedia("(any-pointer:coarse)"); -
matchMedia("(any-pointer:none"); ") -
matchMedia("(any-pointer:fine)");
css_grid_support
NOTICE: Removed as of 3.4.0
-
matchMedia("(grid:1)"); -
matchMedia("(grid:0)");
getFonts
Checks for the presence of 65 different fonts from a predetermined list. This could be used to detect your platform. For example, Wingdings is only on Windows.
TO
Checks your timezone. This can be correlated with the approximate location of your IP address.
rtc_peer_connection
Checks the existence of:
-
window.RTCPeerConnection; -
window.mozRTCPeerConnection; -
window.webkitRTCPeerConnection;
And then stores the result in a number using bit shifting.
jsbd
- HL:
window.history.length; - NCE:
navigator.cookieEnabled; - DT:
document.title; - NWD:
JSON.stringify(navigator.webdriver);
6a62b2a558
Script version hash:
"enforcement.6c9d6e9be9aa044cc5ce9548b4abe1b0.js";
4b4b269e68
Random UUID:
crypto.randomUUID();
c8480e29a
MD5 hashed surl.
md5(surl) + (surl ? "\u2062" : "\u2063");
4ca87df3d1
mbio mouse events. See the events page for more details.
function insertEvent() {
const n = {
timestamp: Date.now() - Qt.timestamp,
type: e,
x: m.pageX,
y: m.pageY,
};
Qt["4ca87df3d1"].push(n);
_lastMouseMove = n;
}
if(Qt["4ca87df3d1"].length 5) {
insertEvent();
}
return;
}
else {
insertEvent();
return;
}
}
Qt["4ca87df3d1"].push({
timestamp: Date.now() - Qt.timestamp,
type: e,
x: m.pageX,
y: m.pageY,
});
}
867e25e5d4
mbio touch events. See the events page for more details.
for(let i = 0; i
d4a306884c
mbio key events. See the events page for more details.
const keyboardEventTypes = {
Tab: 0,
Enter: 1,
Space: 3,
ShiftLeft: 4,
ShiftRight: 5,
ControlLeft: 6,
ControlRight: 7,
MetaLeft: 8,
MetaRight: 9,
AltLeft: 10,
AltRight: 11,
Backspace: 12,
Escape: 13,
};
if(Qt.d4a306884c.length
43f2d94
Collects web3 data such as if MetaMask is available.
4f59ca8
Checks if Apple Pay is available and what version is supported.
20c15922
Checks if Bluetooth is available.
c2d2015
Collects sensor data (see source) and MD5 hashes it.
3ea7194
Checks if "HDR10", "HLG", "DolbyVision" codecs are supported. Checks if HDR is supported.
05d3d24
Checks the following CSS properties, sorts, stringify "key=value;key=value", md5 hash:
"(prefers-color-scheme: dark)""(prefers-reduced-motion: reduce)""(forced-colors: active)""(color-gamut: p3)""(color-gamut: srgb)""(prefers-contrast: more)""(inverted-colors: inverted)""(any-hover: hover)""(prefers-reduced-data: reduce)""(prefers-reduced-transparency: reduce)""(dynamic-range: high)""(hover: hover)""(pointer: fine)""(pointer: coarse)""(orientation: landscape)""(display-mode: fullscreen)""(display-mode: standalone)""(display-mode: minimal-ui)""(video-color-gamut: p3)""(video-color-gamut: srgb)""(video-color-gamut: rec2020)""(video-contrast: high)""(video-dynamic-range: high)"
83eb055
Gets the keyboard layout. Returns false in 2.13.0 because of "SecurityError: getLayoutMap() must be called from a top-level browsing context or allowed by the permission policy." since 3.x.x is architected differently.
vsadsa
basfas
window.performance.memory.jsHeapSizeLimit
lfasdgs
Arkose Build ID (header: "ark-build-id"). "cbid" likely stands for Client Build ID.
window.arkl.cbid
network_info_rtt_type
This value is being withheld until further notice. Changed as of 4.x.x.