Skip to main content

Device fingerprinting with fraugster.js

Fraugster.js is a browser-side JavaScript library. Use the library to collect browser fingerprinting information that you can later submit to the Fraugster API.

Fraugster.js uses AWS CloudFront for JavaScript agent delivery. It ensures wide geographic availability and excellent performance as the code is hosted at edge locations around the world.

CORS allowlist

Fraugster restricts outside access to our CDN to only those requests originating from approved domains. Provide us with your domain name so that we add it to our CORS allowlist.

Install the script

Add the script as standard JavaScript on the page where you want to collect the browser information (for example, your checkout page).

<script src="https://js.fraugster.com/fraugster.js" integrity="sha384-O7lnJ9bjAd27tldfPpHwEGn4o3dnqPNUiLOpna4EoC+24Eah6OhoMvNVY8Q2ubkf" crossorigin="anonymous"></script>

When the script is loaded, it defines a global object that namespaces its functionality.

const info = Fraugster.browserInfo() // BrowserInfo

The output of the BrowserInfo object is not sent to Fraugster automatically. Add it to the device_fingerprint datapoint and send it to Fraugster in your API request. This datapoint is an object, so if the BrowserInfo output has been "stringified" to be sent to the Fraugster API, it must be decoded again before being added to the datapoint.

The relevant section of the final request should look like the following (truncated) example.

"trans_id": "d72xfdil915889fu",
"order_id": "000000999140045453863",
...
"device_fingerprint": {
"user_agent":"Mozilla/5.0...",
"cookies_enabled":true,
"cava_enabled":false,
"language":"en-US",
...
},
...

NOT

"device_fingerprint": "{\"user_agent\":\"Mozilla/5.0…\",\"cookies_enabled\":true,\"cava_enabled":false,  \"language\":\"en-US\", ...}"

The following table contains the possible components of the device_fingerprint object:

FieldDescriptionExample
user_agentIdentifies the browser details including the vendor, version, platform etc.Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0"
cookies_enabledIndicates whether the user's browser has cookies enabled. The value is a boolean.true
java_enabledIndicates whether the user's browser is Java-enabled. The value is a boolean.false
languageA string representing the language of the user's browser."en-US"
pluginsA list of installed browser plugins.
timezoneThe timezone of the browser in IANA timezone format."Europe/Berlin", "America/New_York"
timezone_offsetA number representing the timezone offset in minutes from the date based on the current host system settings to UTC."2"
do_not_trackIndicates whether the user is requesting web sites and advertisers not to track them. The value is a boolean.true
platformA string representing the platform of the browser."MacIntel", "Win32"
geo_supportedIndicates whether the user's device has geo location data available. The value is a boolean.false
screen_widthThe width of the the user's screen in pixels."1920", "2560"
screen_heightThe height of the the user's screen in pixels."1028", "1440"
screen_depthThe color depth of the the user's screen."24"
logical_coresThe number of logical processors available to run threads on the user's computer."4"

Script security

We encourage you to use Subresource Integrity (SRI) to ensure that only the intended version of the script would ever be loaded from our CDN.

Find the source code of the script on our GitHub account.

The following steps outline the flow of events to complete the integrity check:

  1. Copy the value of the integrity attribute from the fraugster.js script tag.
  2. Generate your own hash using one of these tools for the version of the script that you have manually validated.
  3. Compare the two hashes to verify that what we serve from the CDN is the same as what you have reviewed.

Script updates

We update fraugster.js as soon as there is a need to improve its performance. For example, we may add more fields that are captured in the BrowserInfo object in the future. We will notify you ahead of an update in due time.

To update the script on your side, you need to update the script URL with a new version and re-generate the SRI hash.