What it tests: Whether your browser blocks tracking cookies from third-party domains.

How it works: The test attempts to set a cookie with SameSite=None and Secure attributes, which are commonly used by cross-site trackers. It then checks if the cookie was successfully set and readable.

Why it matters: Third-party cookies are the primary mechanism for cross-site tracking. Blocking them significantly improves privacy by preventing advertisers from building profiles across multiple websites.

Protection methods: Modern browsers like Safari and Firefox block third-party cookies by default. Chrome is phasing them out gradually.

What it tests: Whether your browser prevents canvas-based fingerprinting techniques.

How it works: Creates an HTML5 canvas element and draws text and shapes with specific fonts, colors, and effects. The rendered image is then converted to a data URL. Different systems render slightly different results, creating a unique "fingerprint."

Technical details: The test draws text like "Privacy Test 🔒" with specific styling, then checks if the resulting image data is blocked, randomized, or returns a generic result.

Why it matters: Canvas fingerprinting can identify users even without cookies by exploiting tiny differences in how graphics are rendered across different devices and configurations.

Protection methods: Privacy-focused browsers may block canvas access, return blank canvases, or add noise to the rendered output.

What it tests: Whether WebRTC (Web Real-Time Communication) exposes your local IP address.

How it works: Creates an RTCPeerConnection with a STUN server (stun.l.google.com:19302) and monitors ICE candidates for local IP addresses. The test looks for private IP ranges like 192.168.x.x, 10.x.x.x, and 172.x.x.x.

Technical process: Establishes a peer connection, creates a data channel, generates an offer, and listens for ICE candidates that may contain local network information.

Why it matters: Even when using a VPN, WebRTC can leak your real local IP address, potentially revealing your location and network configuration to websites.

Protection methods: Browsers can disable WebRTC entirely, limit it to public interfaces only, or require user permission for access.

What it tests: Whether the Do Not Track (DNT) header is enabled in your browser.

How it works: Checks the navigator.doNotTrack property, which reflects the DNT header value sent with HTTP requests.

Header values: The test looks for values of "1" (tracking disabled) or "yes" (older specification) versus "0" (tracking allowed) or undefined.

Why it matters: While not legally binding, DNT signals your privacy preference to websites. Some privacy-respecting sites honor this header.

Limitations: Many websites ignore DNT headers, and the standard has limited adoption. It's more of a privacy signal than a protection mechanism.

What it tests: How much referrer information your browser shares when navigating between sites.

How it works: Examines the document.referrerPolicy value to determine what referrer information is sent in HTTP headers.

Policy types: Checks for strict policies like "no-referrer" (sends no referrer), "same-origin" (only to same domain), or "strict-origin" (only origin, not full URL).

Why it matters: Referrer headers can leak sensitive information about your browsing patterns, including search terms and private page URLs.

Privacy implications: Loose referrer policies allow websites to track where visitors came from, potentially revealing personal information.

What it tests: How much identifying information your browser reveals through its User Agent string.

How it works: Analyzes navigator.userAgent for detailed version numbers, operating system information, and other potentially identifying details.

Analysis criteria: Looks for specific browser versions, detailed OS information, and overall string length to assess fingerprinting risk.

Why it matters: Detailed User Agent strings contribute to browser fingerprinting by revealing your exact browser version, operating system, and sometimes hardware details.

Modern trends: Browsers are moving toward "User Agent reduction" to provide less detailed information and improve privacy.