Request / Network
- User Agent
- ...
- Referrer
- ...
- Online Status
- ...
- Connection Type
- ...
- Downlink
- ...
- Round-trip Time
- ...
whoami
Every website you visit receives headers, screen details, hardware hints, timezone, language, and much more. This page shows exactly what your browser is willing to share — no account, no cookies, no login required.
GET /whoami.html HTTP/2
Host: hanrahan.cloud
User-Agent: ...
Accept-Language: ...
Referer: ...
Viewport: ...
# Plus everything JS can read below.
Fingerprint
A hash of stable browser and hardware traits. Advertisers and trackers use similar signals to recognise you across sessions without cookies.
calculating...
Live Data
Geolocation
Websites can ask your browser for precise GPS coordinates. Your browser will prompt you first. Try it below to see what a site receives — and why you should usually say no.
No location requested yet.
Advanced
Rendering text, gradients, and emoji to a hidden canvas produces a unique pixel signature across browsers and devices.
...
Privacy
Your public IP address, TCP/TLS fingerprint, requested URL, HTTP version, and all request headers are visible to the web server before JavaScript even loads. A VPN or Tor hides your IP; HTTPS hides the content but not the destination.
Once a page loads, scripts can enumerate your screen, hardware, battery, timezone, fonts, plugins, canvas/WebGL signatures, and more. These values combine into a surprisingly stable fingerprint that works even if you clear cookies.
Browsers like Firefox with strict Enhanced Tracking Protection, Brave, or Tor Browser deliberately randomise or limit many of these signals. Tor Browser makes all users look nearly identical.
Use Firefox Multi-Account Containers, Chrome profiles, or temporary browser profiles to isolate cookies, localStorage, and caches between different online identities.
Location, camera, microphone, notifications, and clipboard access should default to blocked. Only allow them on sites you trust and only when actively needed.
Trackers usually live inside ads and analytics scripts. uBlock Origin, NoScript, or uMatrix can block these before they fingerprint you. Disabling JavaScript entirely is the strongest defence.