# jonasstrehle/supercookie **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/jonasstrehle-supercookie).** 7,346 stars · 365 forks · HTML · MIT · archived ## Links - GitHub: https://github.com/jonasstrehle/supercookie - Homepage: https://supercookie.me - awesome-repositories: https://awesome-repositories.com/repository/jonasstrehle-supercookie.md ## Topics `browser` `browser-fingerprint` `browser-fingerprinting` `chrome` `cookie` `edge` `express` `favicon` `fingerprint` `firefox` `html` `identification` `javascript` `nodejs` `privacy` `safari` `security` `supercookie` `tracking` `typescript` ## Description Supercookie is a browser fingerprinting tool that assigns persistent, cross-session tracking identifiers by exploiting the browser's favicon cache. It operates without storing any data on the server, relying entirely on the browser's cache behavior to maintain tracking state across visits, including during incognito or private browsing sessions. The technique works by encoding unique user identifiers through distinct favicon subpaths, creating separate cache entries for each tracking token. A sequence of HTTP redirects through multiple favicon subpaths writes and reads cache-based tracking patterns, while the favicon's special cache handling circumvents modern browser cache partitioning that would normally isolate tracking data. The system scales exponentially by adding more subpath redirects, increasing the number of distinguishable users at the cost of longer read and write times. The tool provides a cache-based fingerprinting method that survives browser restarts and cache clearing, making the tracking token difficult to remove. It identifies users in private browsing sessions by leveraging the favicon cache's long-lived storage characteristics, bypassing standard privacy protections that other tracking methods cannot overcome. ## Tags ### Security & Cryptography - [Favicon Fingerprinters](https://awesome-repositories.com/f/security-cryptography/browser-fingerprinting-services/favicon-fingerprinters.md) — Assigns persistent browser identifiers by exploiting favicon caching across sessions. - [Favicon Cache Fingerprinters](https://awesome-repositories.com/f/security-cryptography/device-fingerprinting/fingerprint-caching/favicon-cache-fingerprinters.md) — Uses browser favicon cache behavior to store and retrieve tracking patterns across visits. - [Incognito Mode Identification Methods](https://awesome-repositories.com/f/security-cryptography/identity-provider-connections/incognito-modes/browser-incognito-sessions/incognito-mode-identification-methods.md) — Maintains tracking identifiers in incognito mode by bypassing standard privacy protections. ([source](https://cdn.jsdelivr.net/gh/jonasstrehle/supercookie@main/README.md)) - [Incognito Tracking Methods](https://awesome-repositories.com/f/security-cryptography/identity-provider-connections/incognito-modes/browser-incognito-sessions/incognito-tracking-methods.md) — Maintains user identifiers in incognito mode by bypassing standard privacy protections. - [Favicon Cache Persistence Mechanisms](https://awesome-repositories.com/f/security-cryptography/identity-provider-connections/incognito-modes/persistent-incognito-sessions/favicon-cache-persistence-mechanisms.md) — Maintains tracking identifiers across browser restarts and incognito sessions via favicon cache. - [Incognito Detection Methods](https://awesome-repositories.com/f/security-cryptography/identity-provider-connections/incognito-modes/persistent-incognito-sessions/incognito-detection-methods.md) — Identifies users in private browsing sessions by leveraging favicon cache persistence. ### Part of an Awesome List - [Favicon Cache Persistence Trackers](https://awesome-repositories.com/f/awesome-lists/devtools/favicon-investigation/favicon-cache-persistence-trackers.md) — Assigns persistent unique identifiers by exploiting the favicon cache for cross-session tracking. ([source](https://cdn.jsdelivr.net/gh/jonasstrehle/supercookie@main/README.md)) - [Favicon Cache Tracking Tools](https://awesome-repositories.com/f/awesome-lists/devtools/favicon-investigation/favicon-cache-tracking-tools.md) — Assigns persistent identifiers by encoding them in the favicon, making tracking tokens difficult to clear. ([source](https://supercookie.me/workwise)) - [Favicon Trackers](https://awesome-repositories.com/f/awesome-lists/devtools/favicon-investigation/favicon-trackers.md) — Encodes tracking tokens in favicon subpaths to create unique browser fingerprints without cookies. ### Data & Databases - [Stateless Browser Cache Trackers](https://awesome-repositories.com/f/data-databases/session-state-management/server-side-session-stores/stateless-browser-cache-trackers.md) — Tracks users without server-side storage, relying entirely on browser cache behavior. ### Development Tools & Productivity - [Favicon Cache Partition Bypasses](https://awesome-repositories.com/f/development-tools-productivity/build-caches/cache-isolations/favicon-cache-partition-bypasses.md) — Exploits the favicon cache to bypass browser cache partitioning for persistent tracking. ### DevOps & Infrastructure - [Subpath Identifier Encoders](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-applications/admin-dashboards/subpath-hosting/subpath-identifier-encoders.md) — Encodes unique user identifiers through distinct favicon subpaths for cache-based tracking. - [Subpath Multiplication Trackers](https://awesome-repositories.com/f/devops-infrastructure/self-hosted-applications/admin-dashboards/subpath-hosting/subpath-multiplication-trackers.md) — Scales tracking exponentially by multiplying favicon subpath redirects for more identifiers. ### Networking & Communication - [Favicon Redirect Chain Fingerprinters](https://awesome-repositories.com/f/networking-communication/redirect-chain-inspectors/favicon-redirect-chain-fingerprinters.md) — Creates HTTP redirect chains through favicon subpaths to encode tracking patterns. ### Software Engineering & Architecture - [Favicon Cache Identifiers](https://awesome-repositories.com/f/software-engineering-architecture/network-identifiers/session-identifiers/favicon-cache-identifiers.md) — Assigns stable browser identifiers persisting across sessions via favicon cache manipulation. ### Web Development - [Favicon Fingerprinting Tools](https://awesome-repositories.com/f/web-development/browser-integration-utilities/browser-session-management/tab-management/favicon-management/favicon-fingerprinting-tools.md) — Identifies users by encoding unique tokens in the favicon cache for persistent tracking. - [Favicon Cache Trackers](https://awesome-repositories.com/f/web-development/browser-session-persistence/favicon-cache-trackers.md) — Assigns unique browser identifiers by exploiting the favicon cache for cross-session tracking. - [Favicon Cache Exploitation Tools](https://awesome-repositories.com/f/web-development/favicon-configurations/favicon-cache-exploitation-tools.md) — Uses the favicon cache as persistent storage for tracking identifiers across sessions. ### Business & Productivity Software - [Scalable Subpath Trackers](https://awesome-repositories.com/f/business-productivity-software/survey-feedback-tools/user-identification/scalable-subpath-trackers.md) — Scales user identification exponentially by adding more favicon subpath redirects. - [Scalable Subpath Trackers](https://awesome-repositories.com/f/business-productivity-software/survey-feedback-tools/user-tracking/scalable-subpath-trackers.md) — Increases distinguishable users exponentially by adding more favicon subpath redirects. ([source](https://cdn.jsdelivr.net/gh/jonasstrehle/supercookie@main/README.md))