E-commerce companies globally suffer upwards of 40 billion dollars in losses every year due to various forms of online fraud. However, much of it is preventable if there were a reliable way to recognize every visitor returning to your site.

Your application needs to identify and stop suspicious users linked to fraudulent activity. At the same time, you want to quickly recognize your trusted users to delight them with a personalized experiences or simply just get out of their way.

Relying on cookies or IP addresses usually doesn't get the job done. People increasingly use incognito mode to avoid cookies and VPN (Virtual Private Network) services to cycle through IP addresses. Fingerprint device intelligence platform gives you the internet’s most accurate and durable visitor identifier. You can use it to identify malicious visitors — even when they try to hide their identity.

With the Fingerprint Fastly VCL (Varnish Configuration Language) integration, you get device intelligence for 100% of your visitors with the maximum possible accuracy. The integration is available as an open-source VCL template that you can add to your Fastly CDN service.

How browser fingerprinting works

Browser fingerprinting is a technique used to identify browsers. It involves collecting detailed information about the browser’s configuration through standard browser APIs — for example, browser version, operating system, screen dimensions, available fonts, language settings, extensions, and many more. Each of these attributes (often called signals) is not very useful by itself, but in combination, they can accurately identify a browser without relying on cookies or IP addresses.

Once you have a browser’s unique fingerprint, you can use it to fight fraudsters and improve user experiences. Some examples include:

• Preventing account takeover fraud: Require multi-factor authentication only if a user tries to log in from a new browser.
• Fighting trial abuse, promotion, survey, or review fraud: Prevent a single browser from repeatedly creating trial accounts, applying multiple discounts, submitting fake reviews, or voting in polls.
• Limiting account sharing: Prevent too many distinct browsers from accessing a single account.
• Strengthening your paywall: Enforce content restrictions despite incognito mode and VPN usage.
• Stopping chargebacks: Reject transactions from browsers linked to past payment fraud.
• Personalization: Remember abandoned cart items long after the visitor’s cookies expired.

The leading source-available fingerprinting library is FingerprintJS. Developed by the same world-class research team, Fingerprint Pro is a commercial device intelligence platform built on top of FingerprintJS and offers:

• Additional server-side signals, advanced pattern-matching, and machine-learning algorithms to push visitor identification accuracy up to 99.5% (compared to the 40-60% typical for open-source libraries).
• Smart Signals — additional insights about suspicious browser configurations, including bot detection, VPN detection, incognito mode detection, browser tampering detection, and more. Smart Signals allow you to reveal a visitor’s potential malicious intent even on their first visit.
• Device identification and Smart Signals for iOS and Android mobile devices.
• A suite of client, server, native, and (most importantly) cloud integrations to ensure that 100% of your users are covered by Fingerprint.

Visitor identification challenges

Like every other analytics tool on the market, Fingerprint faces limitations from ad-blocking browser extensions, privacy-focused browsers, and VPNs.

• Ad-blocking extensions like Adblock or uBlock Origin can block all requests from the browser to domains of known analytics tools capable of visitor identification. The same applies to Firefox with Standard Enhanced Tracking protection enabled.
• Some VPN providers can also block analytics-related domains on a DNS level, affecting even mobile devices.
• For third-party requests, privacy-focused browsers can limit cookies and other browser functionality Fingerprint uses to improve its identification accuracy.

These limitations can lead to lower accuracy or gaps in coverage of your traffic. The solution to all these problems is the same — proxy identification requests to Fingerprint through your domain. The requests to Fingerprint will become same-site (first-party), and ad blockers will leave them alone.

Unlike most analytics tools, Fingerprint provides out-of-the-box proxy integrations tailor-made for each major cloud platform, including Fastly.

Fingerprint Fastly VCL Proxy integration

Fingerprint Fastly VCL Proxy Integration is responsible for proxying identification requests between your website and Fingerprint through your Fastly infrastructure. The integration consists of a set of VCL rules you can add to your Fastly CDN Service. The VCL template is open-source and available on GitHub.

The benefits of using the Fastly proxy integration include:

• Identifying 100% of your visitors, even if they use ad blockers.
• Achieving maximum identification accuracy even in browsers with strict privacy features, such as Safari or Firefox.
• Insight and control over the identification requests that can be combined with other Fastly features like VCL and traffic reports.
• Ability to manage unlimited subdomains and paths, and provide Fingerprint services to your customers at any scale while benefiting from all the first-party integration improvements.
• Easy to meet compliance and auditing requirements: Fastly VCL Proxy Integration drops all the cookies sent from the origin website. The code is open-source, so this behavior can be transparently verified and audited.

Installing the Fingerprint Fastly integration

Assuming you already have a Fingerprint account (if you don't have one yet, you can sign up for a Fingerprint free trial) and a website running on Fastly, installing the Fingerprint Fastly integration involves the following:

1. Issue a proxy secret in the Fingerprint dashboard. This is used to authenticate requests from your Fastly account to Fingerprint.
2. Choose a path on your website for the integration, like yourwebsite.com/metrics. All Fingerprint identification requests will go through this path.
3. Add a dictionary to your CDN Service with the proxy secret and the integration path.
4. Download the Fingerprint VCL template from GitHub and add it to your Fastly CDN service.
5. Configure the Fingerprint JavaScript agent on your website using your website’s integration path instead of the default Fingerprint endpoints.

<script>
	// Load Fingerprint
- const fpPromise = import('https://fpjscdn.net/v3/your-public-api-key')
-   .then(FingerprintJS => FingerprintJS.load());
+ const fpPromise = import('https://yourwebsite.com/metrics/...')
+   .then(FingerprintJS => FingerprintJS.load({
+     endpoint: [
+       'https://yourwebsite.com/metrics/...', 		
+     ]
+   }));

  // Get the visitor ID
  fpPromise
    .then(fp => fp.get())
    .then(result => console.log(result.visitorId));
</script>

All the installation steps are described in detail in the Fingerprint Fastly proxy integration documentation.

Getting started

With browser fingerprinting, you can identify your visitors and build powerful strategies to fight online fraud and improve user experiences. With Fingerprint's device intelligence, you get the most accurate and stable visitor identification that stays up to date with the latest browser and device technology.

To get the maximum possible coverage and protection from ad blockers or VPNs out of Fingerprint, you can embed it directly into your Fastly infrastructure, using an out-of-the-box, open-source proxy integration.

If you would like to give Fingerprint a try, you can start a 14-day free trial. If you have any questions about Fastly proxy integration or Fingerprint generally, get in touch with the Fingerprint team.