Skip to main content
Version: 1.0.x.x LTS

Fingerprint module

The Fingerprint module stores the device fingerprints of user requests. It also calculates the risk score of the actual request based on the historical data of previous requests of the same user.

The Fingerprint module uses several analyzers to calculate the risk score for a specific user:

  • Fingerprint analyzer: This analyzer counts the number of times a user uses the same device/browser to access an application (one count per terminated session).
  • Fingerprint sharing analyzer: This analyzer checks if any other user uses the same device/browser.

The currently supported fingerprint technology is "fingerprintjs2". This technology creates a fingerprint in JavaScript, based on browser and device information. The fingerprint is send by a hidden field in the HTML form.

For more information about the techology and its configuration, see its website: fingerprintjs2.

The device fingerprint script collects the following information:

  • Font
  • Screen orientation
  • Plug-ins installed in browser
  • User agent
  • Language
  • Colour depth
  • Screen resolution
  • Available screen resolution
  • Time zone
  • Time zone offset
  • CPU class
  • OS platform
  • “Do not track” flag
  • Canvas info
  • WebGL
  • AdBlock
  • Connected media devices
  • Touch support
  • Hardware currency
  • Device memory

You can customize the Java script to collect more information or to exclude certain information from being collected. If you do so, consider the following:

  • Too many attributes may result in false positives.
    For example, suppose the browser version is part of the collected attribute list. Now every time a user upgrades his browser, the fingerprint of his device will change (because of the different browser version), leading to a high risk score of the user's next HTTP request.
  • Collecting only a few attributes may increase the number of false positives in the risk calculation of the fingerprint sharing analyzer.

It is therefore recommended collecting only device specific attributes for the fingerprint analysis. In case of many false positives, ignore the risk score calculated by the fingerprint sharing analyzer.