Passive Browser Signal Audit

Privacy Transparency Dashboard

This page uses standard browser APIs to show what can be learned automatically before you click anything: fingerprinting traits, network metadata, browser-side storage, device sensors, and ad-pixel risk.

Scan Status
Scanning
Risk Score
--/100
Updated
--:--

01 / Fingerprinting

The ID Card

A browser fingerprint combines subtle rendering, device, and locale differences into a repeatable identifier.

Browser Fingerprint Hash

unavailable+9 risk

Learn More

Revenue: Helps ad platforms recognize repeat visits even when cookies are missing.

Malicious: Can be used to persistently track people across sites without consent.

Scanning...

Minimize Risk

Browser Fingerprint Hash

Tailored to the detected device and browser where those signals are available.

  1. 1.On device, reduce fingerprint entropy by avoiding unusual zoom, window sizes, and experimental browser flags.
  2. 2.Use your browser privacy protections, strict tracking prevention, or a privacy-focused browser for sensitive sessions.
  3. 3.Disable third-party cookies and clear site data for sites you do not trust.
  4. 4.Keep the browser updated so older user-agent and graphics quirks are less identifying.

Screen Profile

unavailable+4 risk

Learn More

Revenue: Infers device class and adjusts campaign creative or landing-page layout.

Malicious: Narrows identity when combined with timezone, language, and rendering traits.

Scanning...

Minimize Risk

Screen Profile

Tailored to the detected device and browser where those signals are available.

  1. 1.Use common browser zoom levels and avoid highly unusual window sizes when privacy matters.
  2. 2.Prefer built-in browser privacy modes that reduce canvas/WebGL or screen entropy.
  3. 3.On device, avoid granting unnecessary display, media, or sensor permissions to unknown sites.

Timezone & Language

unavailable+5 risk

Learn More

Revenue: Improves regional segmentation, content localization, and ad scheduling.

Malicious: Flags mismatches with IP location or VPN use for tracking and fraud scoring.

Scanning...

Minimize Risk

Timezone & Language

Tailored to the detected device and browser where those signals are available.

  1. 1.Keep language and timezone settings consistent with the location you intentionally present online.
  2. 2.Use a VPN only with an aligned timezone if you are trying to avoid location mismatch fingerprinting.
  3. 3.Disable unnecessary language packs if they make your browser profile unusually specific.

Uniqueness Estimate

unavailable+8 risk

Learn More

Revenue: Higher uniqueness can improve attribution confidence across sessions.

Malicious: A highly unique device can be reidentified more easily after clearing cookies.

Scanning...

Minimize Risk

Uniqueness Estimate

Tailored to the detected device and browser where those signals are available.

  1. 1.On device, reduce fingerprint entropy by avoiding unusual zoom, window sizes, and experimental browser flags.
  2. 2.Use your browser privacy protections, strict tracking prevention, or a privacy-focused browser for sensitive sessions.
  3. 3.Disable third-party cookies and clear site data for sites you do not trust.
  4. 4.Keep the browser updated so older user-agent and graphics quirks are less identifying.

Risk Model

Risk Score

--/100

Calculating passive exposure from browser and network signals...

02 / Network

Network & Meta-Data

Your connection and user-agent often reveal enough context to price ads, block fraud, or link sessions.

Public IP

unavailable+7 risk

Learn More

Revenue: Maps traffic to region, household connection, and campaign attribution.

Malicious: Can be correlated with leaked datasets or used for coarse physical targeting.

Unavailable or blocked

Minimize Risk

Public IP

Tailored to the detected device and browser where those signals are available.

  1. 1.Use a trusted VPN, iCloud Private Relay, or privacy relay when you want to mask public IP and ISP.
  2. 2.Disable WebRTC local IP leakage in browsers/extensions if your threat model includes IP correlation.
  3. 3.Avoid logging into identity-heavy accounts during sessions where network privacy matters.

ISP / Organization

unavailable+5 risk

Learn More

Revenue: Distinguishes mobile, enterprise, residential, or data-center traffic.

Malicious: Helps identify VPNs, workplaces, schools, or hosting providers.

Unavailable or blocked

Minimize Risk

ISP / Organization

Tailored to the detected device and browser where those signals are available.

  1. 1.Use a trusted VPN, iCloud Private Relay, or privacy relay when you want to mask public IP and ISP.
  2. 2.Disable WebRTC local IP leakage in browsers/extensions if your threat model includes IP correlation.
  3. 3.Avoid logging into identity-heavy accounts during sessions where network privacy matters.

Approximate Location

unavailable+7 risk

Learn More

Revenue: Powers geo-targeted bids, store visit inference, and localized offers.

Malicious: Can be used to infer travel, workplace, or residence patterns over time.

Scanning...

Minimize Risk

Approximate Location

Tailored to the detected device and browser where those signals are available.

  1. 1.Set your browser location permission to Ask or Block by default.
  2. 2.Grant precise location only to sites that truly need it, and revoke it after use.
  3. 3.On device, review OS-level location permissions because browser permission can depend on system settings.

User-Agent Breakdown

unavailable+5 risk

Learn More

Revenue: Optimizes compatibility, attribution models, and browser-specific campaigns.

Malicious: Feeds bot detection and fingerprint matching across browsing contexts.

Scanning...

Minimize Risk

User-Agent Breakdown

Tailored to the detected device and browser where those signals are available.

  1. 1.Keep the browser updated to reduce old-version fingerprinting and exploit risk.
  2. 2.Disable unnecessary extensions because they can alter fingerprintable behavior.
  3. 3.Use a separate browser profile for shopping/social accounts versus sensitive research.

Raw User-Agent

unavailable+6 risk

Learn More

Revenue: Provides detailed browser and platform context for analytics enrichment.

Malicious: Adds entropy to fingerprints and can reveal outdated, vulnerable browsers.

Scanning...

Minimize Risk

Raw User-Agent

Tailored to the detected device and browser where those signals are available.

  1. 1.Keep the browser updated to reduce old-version fingerprinting and exploit risk.
  2. 2.Disable unnecessary extensions because they can alter fingerprintable behavior.
  3. 3.Use a separate browser profile for shopping/social accounts versus sensitive research.

03 / Device

Hardware & Sensors

Device capability signals help sites tune experiences, but also narrow down who you are.

Battery Status

unavailable+3 risk

Learn More

Revenue: Can help infer mobile context and tune heavy media experiences.

Malicious: Historically added tracking entropy and can hint at user mobility.

Unavailable or blocked

Minimize Risk

Battery Status

Tailored to the detected device and browser where those signals are available.

  1. 1.On this device, disable unused sensors and review site permissions regularly.
  2. 2.Use privacy-focused browser defaults that reduce hardware, touch, and graphics entropy.
  3. 3.Avoid installing unnecessary browser extensions that expose extra device traits.

CPU Cores

unavailable+4 risk

Learn More

Revenue: Estimates device tier for performance budgets and interactive ad formats.

Malicious: Helps separate real users from automation and strengthens fingerprints.

Scanning...

Minimize Risk

CPU Cores

Tailored to the detected device and browser where those signals are available.

  1. 1.On device, reduce fingerprint entropy by avoiding unusual zoom, window sizes, and experimental browser flags.
  2. 2.Use your browser privacy protections, strict tracking prevention, or a privacy-focused browser for sensitive sessions.
  3. 3.Disable third-party cookies and clear site data for sites you do not trust.
  4. 4.Keep the browser updated so older user-agent and graphics quirks are less identifying.

Device Memory

unavailable+4 risk

Learn More

Revenue: Segments device quality and prevents sending costly experiences to low-end devices.

Malicious: Adds another stable trait to device-level tracking and risk models.

Unavailable or blocked

Minimize Risk

Device Memory

Tailored to the detected device and browser where those signals are available.

  1. 1.On device, reduce fingerprint entropy by avoiding unusual zoom, window sizes, and experimental browser flags.
  2. 2.Use your browser privacy protections, strict tracking prevention, or a privacy-focused browser for sensitive sessions.
  3. 3.Disable third-party cookies and clear site data for sites you do not trust.
  4. 4.Keep the browser updated so older user-agent and graphics quirks are less identifying.

GPU Renderer

unavailable+7 risk

Learn More

Revenue: Detects graphics capability for 3D ads, games, and video rendering.

Malicious: GPU model is a strong fingerprinting signal and can expose virtual machines.

Scanning...

Minimize Risk

GPU Renderer

Tailored to the detected device and browser where those signals are available.

  1. 1.On device, reduce fingerprint entropy by avoiding unusual zoom, window sizes, and experimental browser flags.
  2. 2.Use your browser privacy protections, strict tracking prevention, or a privacy-focused browser for sensitive sessions.
  3. 3.Disable third-party cookies and clear site data for sites you do not trust.
  4. 4.Keep the browser updated so older user-agent and graphics quirks are less identifying.

04 / Device & Sensitive Access

Device Type, Photos & Permission Gates

This section shows the inferred device class and access surfaces that can expose photos, files, camera, microphone, location, notifications, and contacts when a browser grants access.

Inferred Device Type

unavailable+6 risk

Learn More

Revenue: Device class helps price ads, choose creative, and separate mobile/tablet/desktop conversion funnels.

Malicious: Device class narrows identity and can distinguish real users from emulators or automated browsers.

Scanning...

Minimize Risk

Inferred Device Type

Tailored to the detected device and browser where those signals are available.

  1. 1.On this device, disable unused sensors and review site permissions regularly.
  2. 2.Use privacy-focused browser defaults that reduce hardware, touch, and graphics entropy.
  3. 3.Avoid installing unnecessary browser extensions that expose extra device traits.

Camera & Photos

unavailable+3 risk

Learn More

Revenue: Camera/photo access powers uploads, profile pictures, video calls, QR scanning, and visual commerce.

Malicious: If granted to an untrusted site, camera/photos can expose faces, surroundings, documents, or private media.

Scanning...

Minimize Risk

Camera & Photos

Tailored to the detected device and browser where those signals are available.

  1. 1.Do not grant camera access unless the site clearly needs it for the current task.
  2. 2.For photo uploads, select only the specific photos/files needed; websites cannot access the rest unless you choose them.
  3. 3.After uploading from this device, revoke camera/photo-related permissions for sites you do not use often.
  4. 4.Watch for browser prompts that ask for camera access when a simple file upload would be enough.

Microphone

unavailable+3 risk

Learn More

Revenue: Audio access enables calls, voice search, dictation, and media creation features.

Malicious: A granted microphone permission can expose conversations or ambient location clues.

Scanning...

Minimize Risk

Microphone

Tailored to the detected device and browser where those signals are available.

  1. 1.Keep microphone permission on Ask or Block by default.
  2. 2.End calls and close tabs that have active microphone indicators.
  3. 3.Review device OS privacy settings because system-level microphone grants can override expectations.

Precise Location Permission

unavailable+4 risk

Learn More

Revenue: Precise location drives local offers, delivery flows, weather, maps, and store attribution.

Malicious: Precise location can reveal home, workplace, routines, and sensitive visits.

Scanning...

Minimize Risk

Precise Location Permission

Tailored to the detected device and browser where those signals are available.

  1. 1.Set your browser location permission to Ask or Block by default.
  2. 2.Grant precise location only to sites that truly need it, and revoke it after use.
  3. 3.On device, review OS-level location permissions because browser permission can depend on system settings.

Notifications

unavailable+2 risk

Learn More

Revenue: Notifications re-engage users and recover abandoned carts or content sessions.

Malicious: Abusive notifications can deliver phishing prompts or persistent behavioral tracking.

Scanning...

Minimize Risk

Notifications

Tailored to the detected device and browser where those signals are available.

  1. 1.Block notification prompts by default and allow only trusted sites.
  2. 2.Remove old notification grants for stores, blogs, or one-time apps you no longer use.
  3. 3.Treat unexpected notification prompts as a phishing risk.

Files, Photos & Contacts APIs

unavailable+5 risk

Learn More

Revenue: File/photo pickers support uploads, document workflows, customer support, and social sharing.

Malicious: A deceptive site can trick users into choosing sensitive files even though automatic file scanning is blocked.

Scanning...

Minimize Risk

Files, Photos & Contacts APIs

Tailored to the detected device and browser where those signals are available.

  1. 1.Use the file picker deliberately and choose only the exact files/photos needed.
  2. 2.Avoid granting File System Access to untrusted sites; prefer one-time uploads.
  3. 3.On device, keep sensitive documents outside default downloads/photos folders when possible.
  4. 4.Close the tab after upload flows that handled private documents.

05 / Browser-Side Storage

Clipboard, Cookies & Local Data

Sites can often inspect storage surfaces they own, request sensitive permissions, and sometimes read clipboard content when the browser grants access.

Clipboard Content

unavailable+4 risk

Learn More

Revenue: A legitimate app may use clipboard reads for paste flows, coupon capture, or attribution codes.

Malicious: A hostile site could attempt to capture passwords, crypto addresses, tokens, or private notes from the clipboard.

Scanning...

Minimize Risk

Clipboard Content

Tailored to the detected device and browser where those signals are available.

  1. 1.Do not paste passwords, recovery phrases, or tokens into untrusted pages.
  2. 2.Clear the clipboard after copying sensitive data.
  3. 3.In your browser, block clipboard permission for sites that do not need paste automation.

Permission States

unavailable+5 risk

Learn More

Revenue: Permission states let sites tailor prompts and estimate how reachable a user is through notifications or location.

Malicious: Permission probing can reveal past choices and identify users with risky browser settings.

Scanning...

Minimize Risk

Permission States

Tailored to the detected device and browser where those signals are available.

  1. 1.Open your browser site settings and revoke permissions for sites you do not recognize.
  2. 2.Keep camera, microphone, location, and notifications on Ask by default.
  3. 3.Also check device OS privacy settings for app-level browser permissions.

Cookies

unavailable+6 risk

Learn More

Revenue: First-party cookies store sessions, experiments, ad attribution IDs, and conversion state.

Malicious: Readable cookies can expose identifiers or weakly protected session-adjacent data to scripts.

Scanning...

Minimize Risk

Cookies

Tailored to the detected device and browser where those signals are available.

  1. 1.Block third-party cookies and clear site data periodically.
  2. 2.Use separate browser profiles for social media, shopping, and sensitive work.
  3. 3.Log out of accounts before browsing sites where cross-site profiling is a concern.

Local Storage

unavailable+2 risk

Learn More

Revenue: Stores preferences, anonymous IDs, feature flags, cart state, and analytics queues.

Malicious: Can persist tracking IDs or expose sensitive app data if scripts are compromised.

Scanning...

Minimize Risk

Local Storage

Tailored to the detected device and browser where those signals are available.

  1. 1.Clear site data for sites you no longer trust or use.
  2. 2.Use private browsing for one-off sessions to reduce persistent storage.
  3. 3.Prefer browsers that partition storage by top-level site.

Session Storage

unavailable+1 risk

Learn More

Revenue: Stores short-lived funnel state, form progress, and campaign context for a tab.

Malicious: May leak temporary identifiers or checkout data to injected scripts.

Scanning...

Minimize Risk

Session Storage

Tailored to the detected device and browser where those signals are available.

  1. 1.Clear site data for sites you no longer trust or use.
  2. 2.Use private browsing for one-off sessions to reduce persistent storage.
  3. 3.Prefer browsers that partition storage by top-level site.

IndexedDB

unavailable+4 risk

Learn More

Revenue: Caches offline app data, event queues, media, and durable user preferences.

Malicious: Can store durable identifiers or large tracking state that survives normal page reloads.

Scanning...

Minimize Risk

IndexedDB

Tailored to the detected device and browser where those signals are available.

  1. 1.Clear site data for sites you no longer trust or use.
  2. 2.Use private browsing for one-off sessions to reduce persistent storage.
  3. 3.Prefer browsers that partition storage by top-level site.

Storage Quota

unavailable+3 risk

Learn More

Revenue: Helps apps decide how much content, media, or analytics queue data can be cached.

Malicious: Quota and usage can hint at device class, browser profile age, and storage behavior.

Scanning...

Minimize Risk

Storage Quota

Tailored to the detected device and browser where those signals are available.

  1. 1.Clear site data for sites you no longer trust or use.
  2. 2.Use private browsing for one-off sessions to reduce persistent storage.
  3. 3.Prefer browsers that partition storage by top-level site.

Referrer & History Length

unavailable+5 risk

Learn More

Revenue: Referrers reveal campaign source, partner traffic, and conversion paths.

Malicious: Can expose sensitive previous-page URLs or infer browsing context.

Scanning...

Minimize Risk

Referrer & History Length

Tailored to the detected device and browser where those signals are available.

  1. 1.Use private browsing when the referrer or tab session history count may reveal sensitive context.
  2. 2.Open sensitive links in a fresh tab or profile to reduce referrer and session-history leakage.
  3. 3.Disable sending referrers through privacy settings or extensions when needed.

Privacy Signals

unavailable+2 risk

Learn More

Revenue: Consent systems may use privacy preferences to adjust personalization and measurement.

Malicious: Privacy flags can themselves become profile attributes if logged carelessly.

Scanning...

Minimize Risk

Privacy Signals

Tailored to the detected device and browser where those signals are available.

  1. 1.Enable Global Privacy Control where supported.
  2. 2.Turn on strict tracking prevention and block third-party cookies.
  3. 3.Do not rely on Do Not Track alone; many sites ignore it.

06 / Capabilities

Connection, Input & Media Signals

Browsers expose capability signals so sites can adapt, but the same values can enrich a profile.

Network Capability

unavailable+3 risk

Learn More

Revenue: Lets sites choose lower-cost creative, video quality, and analytics batching for slower networks.

Malicious: Adds connectivity traits to fraud and device profiles.

Scanning...

Minimize Risk

Network Capability

Tailored to the detected device and browser where those signals are available.

  1. 1.Use a trusted VPN, iCloud Private Relay, or privacy relay when you want to mask public IP and ISP.
  2. 2.Disable WebRTC local IP leakage in browsers/extensions if your threat model includes IP correlation.
  3. 3.Avoid logging into identity-heavy accounts during sessions where network privacy matters.

Input & Touch

unavailable+4 risk

Learn More

Revenue: Helps tune mobile layouts, tap targets, and interactive ad formats.

Malicious: Can distinguish phones, tablets, touch laptops, emulators, and bots.

Scanning...

Minimize Risk

Input & Touch

Tailored to the detected device and browser where those signals are available.

  1. 1.On this device, disable unused sensors and review site permissions regularly.
  2. 2.Use privacy-focused browser defaults that reduce hardware, touch, and graphics entropy.
  3. 3.Avoid installing unnecessary browser extensions that expose extra device traits.

Viewport & Display Depth

unavailable+5 risk

Learn More

Revenue: Improves responsive design, ad placement, and media quality choices.

Malicious: Viewport and display traits increase fingerprint uniqueness.

Scanning...

Minimize Risk

Viewport & Display Depth

Tailored to the detected device and browser where those signals are available.

  1. 1.Use common browser zoom levels and avoid highly unusual window sizes when privacy matters.
  2. 2.Prefer built-in browser privacy modes that reduce canvas/WebGL or screen entropy.
  3. 3.On device, avoid granting unnecessary display, media, or sensor permissions to unknown sites.

Plugins & MIME Types

unavailable+4 risk

Learn More

Revenue: Historically helped compatibility checks for embedded media and document handling.

Malicious: Plugin and MIME lists were classic high-entropy fingerprinting signals.

Scanning...

Minimize Risk

Plugins & MIME Types

Tailored to the detected device and browser where those signals are available.

  1. 1.Keep the browser updated to reduce old-version fingerprinting and exploit risk.
  2. 2.Disable unnecessary extensions because they can alter fingerprintable behavior.
  3. 3.Use a separate browser profile for shopping/social accounts versus sensitive research.

Media Device Kinds

unavailable+3 risk

Learn More

Revenue: Video apps can preflight whether camera or microphone categories exist.

Malicious: Device-kind presence can hint at hardware setup even before names are revealed.

Scanning...

Minimize Risk

Media Device Kinds

Tailored to the detected device and browser where those signals are available.

  1. 1.Do not grant camera access unless the site clearly needs it for the current task.
  2. 2.For photo uploads, select only the specific photos/files needed; websites cannot access the rest unless you choose them.
  3. 3.After uploading from this device, revoke camera/photo-related permissions for sites you do not use often.
  4. 4.Watch for browser prompts that ask for camera access when a simple file upload would be enough.

Languages & Time Offset

unavailable+5 risk

Learn More

Revenue: Improves localization, market segmentation, and ad delivery timing.

Malicious: Language/timezone mismatches can be used for VPN detection and fingerprinting.

Scanning...

Minimize Risk

Languages & Time Offset

Tailored to the detected device and browser where those signals are available.

  1. 1.Keep language and timezone settings consistent with the location you intentionally present online.
  2. 2.Use a VPN only with an aligned timezone if you are trying to avoid location mismatch fingerprinting.
  3. 3.Disable unnecessary language packs if they make your browser profile unusually specific.

Browsing History Reality Check

What sites can see about history

Normal websites cannot read your full browser history or list visited URLs. They can still receive enough surrounding context to profile a visit.

Current Page

Scanning current URL...

Session Count

history.length: unknown

Full History

Full history is protected by browser boundaries.

Full Component Data

Raw browser-side values

This is the normalized data object powering every card above. It helps users verify exactly what was available, blocked, or empty.

Collecting browser-side component data...
Shadow Profile Model

How pixels convert signals into identity

Facebook, TikTok, and similar pixels do not need a name to start profiling. They can connect browser traits, IP metadata, page views, referrers, and conversion events into a probabilistic household or device profile used for targeting and attribution.

Observe

Collect passive browser, network, and page-event signals.

Match

Compare repeat visits and ad-click metadata to known cohorts.

Monetize

Bid higher, retarget, suppress fraud, or build lookalike audiences.

pixel.shadow_profile = confidence(0 detected signals, browser fingerprint, IP region, hardware class)