Browser fingerprinting identifies or re-identifies a device by combining signals the browser exposes, even when no ordinary tracking cookie is available. Screen size, language, time zone, graphics behavior, fonts, platform details and other features can form a pattern that is more distinctive together than any one signal alone.
Why clearing storage is not enough
A cookie is a stored identifier. A fingerprint is inferred from observations. Removing cookies resets one mechanism but does not necessarily change the device characteristics a script can measure on the next visit. Fingerprints are probabilistic and can change, yet they may still be useful for linking sessions or narrowing a population.
Browsers counter this in several ways: blocking known trackers, limiting high-entropy APIs, partitioning state, adding noise to measurements or presenting more standardized values. Firefox exposes Enhanced Tracking Protection and fingerprinting protections. Apple describes advanced tracking and fingerprinting protection in Safari and Private Browsing.
Do not customize yourself into a corner
Installing a rare combination of privacy extensions, unusual fonts and aggressive overrides can make a browser stand out. More toggles do not always mean a less identifiable setup. Prefer protections maintained by the browser, which can make many users look alike and account for compatibility.
- Keep the browser current; privacy protections evolve with tracking techniques.
- Leave standard or strict tracking protection enabled if your sites still work.
- Reduce unnecessary extensions, especially those that modify every page.
- Use separate profiles to prevent account mixing, not as a claim of anonymity.
- Do not assume a VPN changes browser-exposed device characteristics.
When a site breaks
Strict protection can disrupt a login, video or payment component. Use the browser's per-site protection control first. Confirm the domain and reload. If lowering protection fixes the site, restore it afterward and report the breakage when the browser offers that option. A permanent global disable is usually a larger concession than the one site needs.
What sites legitimately use signals for
Device signals can support fraud detection, bot mitigation, compatibility and security. The privacy concern comes from covert persistence and cross-context linking, not the mere existence of every signal. That is why browser-level controls try to balance utility with reducing unnecessary uniqueness.
A realistic expectation
No consumer setting can guarantee that every site sees the same generic device. Logged-in activity, server records and network identifiers remain. The goal is to reduce easy, stable and cross-site recognition while keeping the web usable.
The useful strategy is boring: run a mainstream, updated browser with its built-in privacy defenses, minimize privileged extensions and avoid treating cookie deletion as a complete reset. Fingerprinting thrives on unique combinations; a well-maintained default can be stronger than an elaborate collection of one-off disguises.
Sources & methodology2 sources - evidence for this revision
The records below show what each source supports in this published revision.
- Firefox's protection against fingerprintingMozilla Supportreference - Retrieved Jul 12, 2026
What it supportsFirefox includes protections against known and suspected fingerprinters within Enhanced Tracking Protection.
- Browse the web privately in Safari on iPhoneApple Supportreference - Retrieved Jul 12, 2026
What it supportsSafari includes advanced tracking and fingerprinting protections.


