Device fingerprinting with fraugster.js
Fraugster.js is a browser-side JavaScript library. Use the library to collect browser fingerprinting information that you can later submit to the Fraugster API.
Fraugster.js uses AWS CloudFront for JavaScript agent delivery. It ensures wide geographic availability and excellent performance as the code is hosted at edge locations around the world.
CORS allowlist
Fraugster restricts outside access to our CDN to only those requests originating from approved domains. Provide us with your domain name so that we add it to our CORS allowlist.
Install the script
Add the script as standard JavaScript on the page where you want to collect the browser information (for example, your checkout page).
<script src="https://js.fraugster.com/fraugster.js" integrity="sha384-O7lnJ9bjAd27tldfPpHwEGn4o3dnqPNUiLOpna4EoC+24Eah6OhoMvNVY8Q2ubkf" crossorigin="anonymous"></script>
When the script is loaded, it defines a global object that namespaces its functionality.
const info = Fraugster.browserInfo() // BrowserInfo
The output of the BrowserInfo object is not sent to Fraugster automatically.
Add it to the device_fingerprint datapoint and send it to Fraugster in your
API request. This datapoint is an object, so if the BrowserInfo output has
been "stringified" to be sent to the Fraugster API, it must be decoded again
before being added to the datapoint.
The relevant section of the final request should look like the following (truncated) example.
"trans_id": "d72xfdil915889fu",
"order_id": "000000999140045453863",
...
"device_fingerprint": {
"user_agent":"Mozilla/5.0...",
"cookies_enabled":true,
"cava_enabled":false,
"language":"en-US",
...
},
...
NOT
"device_fingerprint": "{\"user_agent\":\"Mozilla/5.0…\",\"cookies_enabled\":true,\"cava_enabled":false, \"language\":\"en-US\", ...}"
The following table contains the possible components of the
device_fingerprint object:
| Field | Description | Example |
|---|---|---|
user_agent | Identifies the browser details including the vendor, version, platform etc. | Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0" |
cookies_enabled | Indicates whether the user's browser has cookies enabled. The value is a boolean. | true |
java_enabled | Indicates whether the user's browser is Java-enabled. The value is a boolean. | false |
language | A string representing the language of the user's browser. | "en-US" |
plugins | A list of installed browser plugins. | |
timezone | The timezone of the browser in IANA timezone format. | "Europe/Berlin", "America/New_York" |
timezone_offset | A number representing the timezone offset in minutes from the date based on the current host system settings to UTC. | "2" |
do_not_track | Indicates whether the user is requesting web sites and advertisers not to track them. The value is a boolean. | true |
platform | A string representing the platform of the browser. | "MacIntel", "Win32" |
geo_supported | Indicates whether the user's device has geo location data available. The value is a boolean. | false |
screen_width | The width of the the user's screen in pixels. | "1920", "2560" |
screen_height | The height of the the user's screen in pixels. | "1028", "1440" |
screen_depth | The color depth of the the user's screen. | "24" |
logical_cores | The number of logical processors available to run threads on the user's computer. | "4" |
Script security
We encourage you to use Subresource Integrity (SRI) to ensure that only the intended version of the script would ever be loaded from our CDN.
Find the source code of the script on our GitHub account.
The following steps outline the flow of events to complete the integrity check:
- Copy the value of the
integrityattribute from the fraugster.js script tag. - Generate your own hash using one of these tools for the version of the script that you have manually validated.
- Compare the two hashes to verify that what we serve from the CDN is the same as what you have reviewed.
Script updates
We update fraugster.js as soon as there is a need to improve its performance.
For example, we may add more fields that are captured in the BrowserInfo
object in the future. We will notify you ahead of an update in due time.
To update the script on your side, you need to update the script URL with a new version and re-generate the SRI hash.