Main Stylesheet
Documentation Fundamentals

Browser Fingerprint

What is a Browser Fingerprint?

Browser fingerprinting is a technique used to recognize a browser (and thus its user) based on the combination of its technical characteristics.

Taken individually, this information is not unique. However, when these characteristics are combined, they result in an almost unique combination. Not quite as unique as a human fingerprint, but that’s where the name comes from.

For web analytics, a fingerprint is practical for recognizing users as they browse within a website.

The owntag Browser Fingerprint

owntag calculates a browser fingerprint for each incoming HTTP request, allowing you to recognize the user’s browser without needing to rely on browser storage like cookies or localStorage.

You can find the owntag Browser Fingerprint in the HTTP header:

X-Owntag-Browser-Fingerprint

These are the basics for the fingerprint:

  • IP address
  • The User-Agent
  • The Accept-Language header
  • The hostname of the owntag SGTM container to which the request was sent
  • TLS version
  • TLS cipher suite
  • TLS protocol

To make it easier to work with, we process this information into a so-called “hash.” It looks like this, for example:

ca287f49-deda-5e77-b6e7-7f6f2cb956e8

The individual pieces of information cannot be deduced from it. The format is called “UUID” and is always XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX.

Passive Fingerprinting

An important feature of the owntag Browser Fingerprint is that it is a passive fingerprint.
This means that it is only created from the data that the browser already sends to the tagging server.

Most implementations of browser fingerprints involve active fingerprinting, i.e., cases where information is deliberately collected in the browser using JavaScript solely to create the fingerprint.

Privacy

Please be aware that as an owntag user, you are responsible for whether and how you use the browser fingerprint for your web analytics & marketing tech implementations.
If you are unsure whether your use case complies with data protection laws, seek legal advice in advance.