Browser signatures/fingerprint in request headers


#1

Are there plans for Cloudflare to provide a browser signature in the request headers?


#2

I don’t think so, but can you clarify what your objective is? We might have other solutions.


#3

Hi Ryan

Basically browser fingerprinting that could be used for fraud detection - we already do a few checks when people register - stopforumspam, IP address, geolocation but fingerprinting would give us an edge.


#4

Are you looking for something other than user-agent?


#5

Yes… Something like this https://github.com/mattbrailsford/imprintjs or https://github.com/Valve/fingerprintjs2 but that could come in request headers.

For example test page for the first code https://mattbrailsford.github.io/imprintjs/default.html and my own test page https://www.geekzone.co.nz/testbrowser.asp

I also would like to see a request header with Cloudflare’s assessment of a browser (as in Bad, BOT, Clear) or similar.

Those two things would help a lot in terms of security/safety…


#6

It’s a balancing act. We want to be as transparent as possible, but also don’t want to give bad actors any help figuring out how our systems work.

What I can confirm is that we are looking into providing additional scoring specifically geared toward bots. Just can’t give any specifics. But I’ve passed along your feedback.