Tor Browser fingerprint expectations
Tor Browser is the most hardened mainstream browser against fingerprinting. But "hardened" is not "perfect" — run a live test to see what our probes can and cannot detect in your Tor session.
How Tor Browser defeats fingerprinting — and where its limits are
Tor Browser is Firefox ESR with a set of hardening patches maintained by the Tor Project. Its fingerprint resistance strategy differs fundamentally from other browsers: rather than blocking tracking scripts (which simply shifts the arms race), it makes all Tor users look identical to one another. This uniformity is the core defence.
Canvas and WebGL readbacks are blocked entirely — the browser prompts the user before allowing a site to read canvas image data, and by default returns a blank or permission-denied response. The reported window size is normalised to a standard value regardless of actual screen dimensions (typically 1000×1000 or constrained to a letterboxed safe area). The timezone is always reported as UTC, regardless of the user's actual timezone. System fonts are limited to a small curated set so font detection probes cannot distinguish users by installed font list.
All traffic is routed through the Tor anonymity network, so the IP address seen by a destination server belongs to a Tor exit node, not the user. The exit node IP is publicly listed, meaning sites can detect Tor use but cannot identify the real IP.
Remaining signals include the User-Agent string (which identifies Tor Browser's Firefox ESR version — a known Tor fingerprint), the normalised screen dimensions themselves (which are characteristic), and any JavaScript API the browser doesn't explicitly restrict. The Security Level setting (Standard, Safer, Safest) progressively disables JavaScript and other APIs; Safest mode disables JS entirely, eliminating client-side probes at the cost of breaking most web apps.
What we measure in your Tor Browser session
- User-Agent — Firefox ESR version, Tor detection via UA pattern
- HTTP headers — Accept-Language, timezone, header fingerprint
- Screen & display — normalised window size, letterboxing detection
- System locale & timezone — spoofed UTC timezone detection
- Canvas fingerprint — blocked/blank response detection
- WebGL — blocked or restricted output detection
- Audio fingerprint — blocked AudioContext detection
- Font detection — restricted curated font set detection
- Hardware signals — spoofed or restricted hardware API output
- IP geolocation — Tor exit node country, ISP (local MaxMind lookup)
Run a live analysis inside Tor Browser to see how our probes respond.
Check my Tor Browser scoreFrequently asked questions
Will this tool show a low exposure score in Tor Browser?
Typically yes — Tor Browser's protections (canvas block, UTC timezone, normalised window, restricted fonts) trip many of the fingerprint probes to either blocked or spoofed results, which is counted as a positive privacy signal. The score reflects what our probes can infer. A Tor Browser user on Safer/Safest level will typically score in the low-exposure range, with the Tor exit node IP as the main remaining geographic signal.
Is the Tor Browser User-Agent itself a fingerprint?
It is a cohort identifier rather than an individual fingerprint. Because thousands of Tor Browser users share the same User-Agent string (tied to the current ESR release), sites can identify the browser as Tor Browser but cannot distinguish between users within that cohort. The Tor Project intentionally keeps all users on the same UA version to maintain this crowd anonymity.
Should I keep the Security Level at Safer or Safest?
Safer disables JavaScript on non-HTTPS sites and removes some risky JS features. Safest disables JavaScript entirely, removing all client-side fingerprint vectors but breaking most modern web applications. Standard provides usable browsing with Tor's default protections. For most high-risk anonymity use cases, Safer is a reasonable balance. Safest is appropriate when anonymity is paramount and functionality is secondary.