Privacy demo

What your browser tells me

Every site you visit learns this about you — usually within milliseconds of the request hitting the server. Nothing on this page is stored or sent back. It only shows you what your own browser already revealed.

Stable hash computing…

Volatile hash computing…

Your IP 216.73.217.109

From Columbus, United States

Browser detecting…

Privacy


                    DATACENTER

See fingerprints

Persistence

I remember you

Fingerprints persist across visits — they don't need cookies. The first time you load this page, we save the hash in localStorage. On every return visit, we check whether it's the same person. (You can clear it via your browser's site data.)

Visit history

Statuschecking storage… First seen— Last seen— Visit number— Stored hash— Hash drift—

A site only needs one stable identifier to follow you across sessions. Deleting cookies doesn't help if it's matching on the fingerprint. Try opening this page in private/incognito mode and watch the visit counter reset — but the hash usually stays the same.

What the server saw

Network & Identity

No JavaScript required. The instant your browser made the request, this is what arrived. Routed through a reverse proxy, so the IP is taken from X-Forwarded-For.

IP & DNS

Public IP216.73.217.109 Reverse DNS— Proxy hops216.73.217.109

Your IP identifies your network. Reverse DNS often reveals your ISP or hosting provider; coffee shop and mobile networks give themselves away here.

GeoIP Lookup

CountryUnited States RegionOhio CityColumbus Postal43215 Latitude39.9587 Longitude-82.9987 TimezoneAmerica/New_York ASNAS16509 OrgAmazon.com, Inc.

Free GeoIP databases place you within a few miles. They're populated from network registration records (WHOIS) and traffic data. Source: ipapi.co

Privacy flags

Tor exit ✗ No VPN provider ✗ No match Datacenter / hosting ✓ Hosting Org / ASN Amazon.com, Inc.

VPN/datacenter detection here uses a name-based heuristic on the registered ASN (commercial APIs do better). Tor exits are matched against the live Tor Project exit list, refreshed every 24h.

CrowdSec Security Status

Local Engine

LAPI status ✓ Online Your IP Status ✓ Clean

Recent Server Blocks

Target	Reason	Action	Remaining
4.201.96.144	http-probing	ban	10m38s
4.201.96.144	http-wordpress-scan	ban	10m40s
4.201.96.144	http-crawl-non_statics	ban	10m49s
31.171.130.75	http:scan	ban	14m8s
31.171.130.60	http:scan	ban	14m8s

This site utilizes CrowdSec to passively detect and remediate malicious behavior. If your IP triggers enough security rules, the local engine (LAPI) distributes a block decision, which is automatically enforced at the reverse proxy layer.

All HTTP request headers (10)

Accept*/* Accept-Encodinggzip, br, zstd, deflate Hostnotfixingit.com User-AgentMozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com) X-Forwarded-For216.73.217.109 X-Forwarded-Hostnotfixingit.com X-Forwarded-Port443 X-Forwarded-Protohttps X-Forwarded-Server3f6597874cbf X-Real-Ip216.73.217.109

What JavaScript reveals

Browser & System

Once a single script runs, the surface area expands enormously. Most of this is collected silently by analytics scripts on every site you visit.

Browser

User-Agent— Brand— Version— Platform— Mobile— Vendor— Languages— Cookie enabled— DNT—

Display

Screen— Viewport— Pixel ratio— Color depth— Color gamut— Dynamic range— Forced colors— Pointer— Hover— Refresh rate— Orientation— Color scheme— Reduced motion—

Hardware

CPU cores— Device memory— Touch points— GPU vendor— GPU renderer— WebGPU vendor— WebGPU arch— WebGPU device— JS heap (Chrome)— Battery—

WebGPU's adapter info is more revealing than WebGL — it exposes silicon-level identifiers and is harder to spoof.

Time & locale

Browser timezone— GeoIP timezoneAmerica/New_York TZ match— UTC offset— Locale— Browser time— Server time2026-06-20T11:22:56+00:00 Server TZUTC

Mismatch between browser timezone and the timezone of your apparent IP location is a strong VPN/Tor signal — and it's how many bot/fraud-detection systems flag traffic.

Network

Connection type— Effective— Downlink— RTT— Save-Data—

The Network Information API exposes link quality. It's how YouTube quietly drops quality on bad connections.

Storage

localStorage— sessionStorage— indexedDB— Service workers— Persisted storage— Quota— In use—

Storage quota varies with available disk space. A 2 GB quota signals a mobile device or constrained environment; 100+ GB signals desktop.

Security & Privacy Probes

Ad-blocker active— Automation (bot)— JS Engine— Keyboard Layout— Extensions found—

Ad-blocker detection probes standard advertisement filenames. Extension detection checks for globally injected API namespaces. JS engine type is deduced via engine quirks.

Silent identification

Fingerprints

These techniques don't ask permission and don't show up in any privacy indicator. The values are stable across visits but vary between people — perfect for re-identifying you even with cookies disabled.

Canvas

Hash—

Browsers render the same drawing slightly differently depending on GPU, drivers, fonts, anti-aliasing, and OS. The hash above is stable for you, distinct from most others.

WebGL

Vendor— Renderer— GLSL version— Max texture— Extensions— Hash—

AudioContext

Hash— Sample rate—

A signal is generated, run through filters, and a sum of the output is taken. The result is consistent for the same browser + hardware combination.

Detected fonts

Count—

Each operating system ships with a different set of fonts. Adobe products, Microsoft Office, and games all install more. Your specific combination is fairly unique.

Estimated entropy

—

computing…

Permission state

Permissions & capabilities

Most permission queries don't require user interaction — sites can quietly probe which features you've granted elsewhere.

Permission queries

A site can quietly enumerate these on every page load.

Media devices

Cameras— Microphones— Speakers—

The counts are visible without permission. Labels only appear after you grant access.

Speech synthesis voices

Voice count—

Installed voices vary by OS, language packs, and assistive tech.

Capabilities

WebAuthn— Platform authenticator— Conditional UI— WebGPU— WebHID— WebSerial— WebUSB— WebNFC— Bluetooth— PaymentRequest— Credential Mgmt— Eye Dropper—

Capability detection doesn't need permission. Knowing you have Touch ID / Windows Hello / a YubiKey-capable browser narrows down your device class significantly.

Opt-in probes

Reveal more

These require your action. Click and watch.

WebRTC local-network leak

WebRTC discovers your local IP for peer-to-peer connections — even with a VPN. This is one of the most reliable VPN-bypass techniques.

Local IPsclick button

Geolocation (precise)

Browsers ask permission for this — but most users grant it on the first prompt. Accuracy down to a few metres on mobile.

Latitudeclick button Longitudeclick button Accuracy—

Clipboard

Reading the clipboard requires permission, but the user-agent can announce capability.

Clipboard readclick button

What now

Defensive measures

Total resistance is hard — but you can make yourself blend into a crowd.

Use the Tor Browser

Built to make every user look identical at the fingerprinting layer. Slow, but the most effective single tool.

Firefox Resist Fingerprinting

privacy.resistFingerprinting in about:config. Spoofs UA, locks timezone to UTC, randomises canvas.

uBlock Origin + privacy lists

Most tracking happens in third-party scripts. Block those and 90% of telemetry disappears.

Disable WebRTC if you don't use it

Brave and Firefox both let you turn off the local-IP leak path without disabling video calling.

VPN + matching timezone

A VPN hides your IP but not your timezone. Mismatched values scream "VPN user". Match them.

Don't grant permissions casually

Once you grant geolocation/camera/microphone to a site, any script running on that origin can use it.