Analyzer

Privacy Analyzer

See what data is exposed from your browser.

What information can a website find out about you when you visit it? A lot more than you probably realize. This tool lists information that any website, advertisement, and widget can collect from your web browser. Such information could be used to identify you and/or track your behavior using tactics like IP lookups and browser fingerprinting. While none of this may be considered personally identifiable information (PII), the profile drawn from all these pieces of information can be so distinct that it can only plausibly match a single person.

Tests

This page includes several tests that you can scroll through and perform one at a time to evaluate your browser privacy.

PLEASE NOTE: In order to demonstrate that a malicious site can easily detect logged in accounts without asking your permission, this tool will contact 30 popular websites where you may be logged in. However we don’t access these sites but simply present them as potential risks to your privacy.

Start Test

Scanning Your Browser for Leaks...

1. Basic Info

2. Autofill Leak Test

3. User Account Tests

4. Browser Capability Test

5. Fingerprint analysis

Basic Info Next Test

Autofill Test Next Test

If no dropdown appears when you clicked above, it means your browser appears to have autofill disabled, so you are not at risk of this vulnerability.

Your browser or password manager’s autofill might be inadvertently giving away your information to unscrupulous phishers using hidden text boxes on sites. Read more on this vulnerability

User Accounts Tests Next Test

This test checks your browser for artifacts that show what accounts you’re logged into. We test for several of the most popular sites and apps on the web. Hackers can use this information to see account usernames, email addresses, search terms, titles of viewed emails and documents, and downloaded files. The exact information varies depending on the website or service. Knowing where you’re logged in makes you an easier target for phishing and hacking attempts. For example, if you use the same password for all your accounts (you shouldn’t), then a hacker who steals it could easily hijack all your accounts in a very short span of time.

Our test shows you are logged into the following accounts:

Next Test

Browser Features:

Browser Capabilities:

A green check indicates these capabilities are enabled on your browser:

Javascript, iframes, ActiveX, and Flash all allow code to be executed in your browser, which can be a security vulnerability. You can certainly do without ActiveX and Flash, which infamously contain numerous bugs and vulnerabilities. Javascript and iframes can also be disabled, but you may find browsing the web without them a hindrance as many popular sites use them these days.

When you opened this page, we attempted to generate a popup to test whether your browser blocked it. Popups are not only annoying; they are often malicious.

Do Not Track is a setting in most web browsers that opt you out of tracking programs. While it’s good practice to turn this on, not all websites and advertisers abide by it.

Browser Request Params:

This data is sent to a server whenever the browser requests a web page. Some of these are important in regards to privacy and others are not. We’ll cover a few of of the former here:

X-Requested-With is a parameter used to prevent Cross-site request forgery (CSRF) attacks in websites that utilize AJAX. Read more here.
User-Agent details what browser you use
DNT stands for “Do Not Track”, explained above.
Referrer is the URL of the page that led you here, usually via a link. This can be used to see the last site you visited.
X-Real-IP is your IP address, which identifies your device and location. You can hide this information with a proxy or VPN.

Other Plugins:

Fingerprint analysis

This test gathers all of the little bits of information stored in your browser that, on their own, don’t mean much. When combined, however, they can form a “fingerprint” so distinct that it could only plausibly match one person or a very small group of people. This tactic, called “canvas fingerprinting,” makes it possible for websites to identify track you without the use of cookies or IP addresses.