Changelog

• Improve Smart Signals accuracy

• Add a check for SecurityError in all affected signals

• Improve Smart Signals accuracy

• Move to ES2018 JavaScript language version target.
• Decrease overall latency and bundle size

• Improve identification accuracy
• Improve performance (minor improvement)

• Improve accuracy of Developer Tools Detection Smart Signal
• Optimize latency
• Introduce FingerprintJS.ERROR_PROXY_INTEGRATION_SECRET_ENVIRONMENT_MISMATCH, returned when the proxy secret belongs to a different environment than the Public API key (but same workspace)

• Improve performance (signal collection latency)

• Optimize agent size
• Remove unused signals to decrease latency

• Improve general performance by decreasing the total bundle size
• Improve signal collection performance in Safari
• Improve Smart Signals accuracy
• ImproveIdentification accuracy in Firefox

• Add specific behavior for AI bot request filtering

• Signal accuracy improvements

• Introduce more granular errors for proxy integration failures and request filtering
• Increase Smart Signals accuracy

​

More granular errors

• FingerprintJS.ERROR_NETWORK_RESTRICTED, triggered when a request is filtered out based on an IP address or IP address range
• FingerprintJS.ERROR_INVALID_PROXY_INTEGRATION_SECRET, occurs when the Fpjs-Proxy-Secret header contains an empty, invalid, or non-matching value
• FingerprintJS.ERROR_INVALID_PROXY_INTEGRATION_HEADERS, triggered when the proxy integration headers are misconfigured or partially provided in those specific cases:
  • Missing required headers (Fpjs-Proxy-Client-IP, Fpjs-Proxy-Forwarded-Host).
  • Duplicate headers
  • Invalid patterns for Client-IP or Forwarded-Host

​

Smart Signals accuracy

• Minor bug fixes and improvements

• Minor bug fixes and improvements impacting signal collection

• Minor bug fixes and stability improvements

• Drop official support for older browsers (older versions should still work but it is not guaranteed). Updated list is available here.
• JS Agent now throws the error from the first attempt instead of the one from the last retry. This makes it more clear what the error was because our retry/fallback endpoints are prone to get blocked by ad blockers.

• Minor bug fixes and stability improvements

• Improve the identification accuracy in some Android browsers
• Improve the accuracy of Smart Signals

• Minor bug fixes in signal collection
• Improve back/forward cache support to prevent full page reloads
• Add urlHashing option

• Improved accuracy of identification
• Improved performance

• A new JS Agent option: remoteControlDetection (has been deprecated since)
• Fix incompatibility with some iOS versions
• Remove the Feature policy 'Payment' check failed... console error in cross-origin iframes in Safari

• Improved performance.
• Improved accuracy of identification.

• Improve the performance

• fix: A message related to AudioContext is printed to the browser console
• Improve the performance

• Improve the identification and bot detection accuracy
• Improve the performance

• Improve the performance

• Minor improvements

• Improve the Smart Signals accuracy
• The ipLocation response field is marked as deprecated. It will not return a result for applications created after January 23rd, 2024. See IP Geolocation for a replacement available in our Smart Signals product.

• Deprecate option products. The option to configure products became obsolete with the introduction of Smart Signals. Billed amount is determined by the billing plan and the products option does not influence it. Just remove it from your JS agent configuration. It will likely be removed in the next major version.
• Fix unexpected popup appearing in Android Chrome in rare cases.

• Fixed an unhandled promise rejection happening in rare cases

• Minor improvements

• Sealed Client Results support. Namely, added a new get() response field: sealedResult.

• Improve the retry algorithm used in case JS Agent fails to load from the CDN.

• Deprecate options tlsEndpoint and disableTls. They are not necessary because of recent improvements to the ad-blocker protection. Just remove them from your JS agent configuration. They will likely be removed in the next major version.

• Minor improvements

• Fix the subdivisions field type in the TypeScript declarations

• Add an error constant ERROR_INVALID_ENDPOINT which is used then the endpoint option value is not a valid URL

• Add a license file to the NPM package

• Add an error constant ERROR_INTEGRATION_FAILURE which will be used for errors that happen on the integration side

• Fallback endpoint. You can set multiple endpoints; JavaScript agent will try to send the request with the first endpoint, and if the request fails, retry the request with the second endpoint and so on. Supported by all options: scriptUrlPattern, endpoint and tlsEndpoint.
• Placeholder values for cases where you want to use the default endpoint as a fallback endpoint:
  • FingerprintJS.defaultScriptUrlPattern for scriptUrlPattern
  • FingerprintJS.defaultEndpoint for endpoint
  • FingerprintJS.defaultTlsEndpoint for tlsEndpoint

• A new error is thrown when JS agent is blocked by Content Security Policy: FingerprintJS.ERROR_CSP_BLOCK. JS agent doesn’t retry network requests blocked by CSP. In previous versions a common error was thrown in this case: FingerprintJS.ERROR_NETWORK_CONNECTION.

• Bot Detection agent is embedded into FingerprintJS Pro agent
• A new fp.get() option products to enable or disable Fingerprint products (Browser Identification, BotDetection)

• Security improvements

• Add the zeroTrust field to the TypeScript declaration of JS agent result object

• New error type: ERROR_FORBIDDEN_ENDPOINT. See the error handling guide for more details.

• fix: JS agent installed from jsDelivr makes a network request to fpnpmcdn.io that can be blocked by your Content Security Policy. This is a temporary fix, it will be reverted. Please switch to our CDN to avoid this problem in future.

• A new CDN for the CDN installation methods. Follow this guide to update. The old CDN URLs pointing to jsDelivr continue working, but we recommend switching to our CDN to avoid excess network requests.
• JS agent installed from NPM loads its code from our CDN in runtime. It guarantees that you always use the latest and the most accurate version of JS agent.
  • If you use a Content Security Policy, add the CDN domain to the CSP as described here (see the “NPM installation” tab).
  • If you do an HTML preconnect, consider preconnecting to the CDN too as described here (see the “NPM installation” tab).
• Add firstSeenAt and lastSeenAt fields to JS agent responses. See more details in Visitor Footprint Timestamps.
• New error types: ERROR_SCRIPT_LOAD_FAIL and ERROR_INSTALLATION_METHOD_RESTRICTED. See the error handling guide for more details.
• A new load() option in the NPM package of JS agent: scriptUrlPattern. See more details in the JS agent guide.

• fix: If your project uses TypeScript and has the TypeScript’s isolatedModules option is enabled, JS agent causes an error: “TS2748: Cannot access ambient const enums”

• Rename the token option of the load method of JS agent to apiKey. The token option keeps working for backward compatibility. Also rename some error constants (the old names work too):
  • ERROR_TOKEN_MISSING → ERROR_API_KEY_MISSING
  • ERROR_TOKEN_INVALID → ERROR_API_KEY_INVALID
  • ERROR_TOKEN_EXPIRED → ERROR_API_KEY_EXPIRED
• fix: JavaScript agent triggers a console error message unless the page’s Content Security Policy allows unsafe-inline for style-src.

• A new region: ap (Mumbai, India)

• Improve incognito mode detection accuracy in Safari
• Deprecate the ipResolution parameter because it affects nothing
• The get() result’s ipLocation field is marked is optional in the TypeScript declaration. The field could be undefined in fact, so this is a fix of the type declaration.
• Actualize the list of supported browsers.
• A new error code for cases when the JS agent version is not supported: FingerprintJS.ERROR_UNSUPPORTED_VERSION
• Decrease the JS agent code size by removing legacy parts
• fix: An indefinite setTimeout loop in Firefox

• Improve the tree-shaking capability
• Confidence score calculations moved to server for increased accuracy (Pro version)

• Improve the performance slightly

• Improve identification time for visitors who use an ad blocker or an M1 Mac
• Improve identification accuracy

• Add a new result field: confidence score. The confidence score field tells how much the agent is sure about the visitor identifier. See the API reference for more details.
• Fix an error that occurs in Firefox Add-ons

• Makes get run much faster when some time passes between calling load() and get(). See the JavaScript agent preloading guide to learn how to leverage it.
• Added an error constant for bad server response format: FingerprintJS.ERROR_BAD_RESPONSE_FORMAT. The error can be caused by wrong endpoint.
• The disableTls option is moved from the get options to the load options. It still works when set within get options for compatibility, but doesn’t actually disable the TLS request. So we recommend updating your code if you use disableTls.
• fix: JS agent may never complete getting the visitor identifier when the page is in background.

• Fix client timeouts in WeChat built-in browser on iOS 13
• Increase the accuracy of agent when the page runs in background

• Fix “Client timeout” errors that happen in bots that run setTimeout too quickly
• Fix console WebGL warnings in IE 11

• Incognito detection accuracy improvement
• TypeScript compatibility improvement
• Fix an error in Android 5.1 Browser: Failed to parse the response
• Fix client timeouts in iOS WeChat built-in browser

• Many new identification methods under the hood
• JS agent retries visitor identification request in case of error
• A new billing model. Identifications are billed per a unique visitor instead of a request.
• New expected JS agent errors: FingerprintJS.ERROR_WRONG_REGION, FingerprintJS.ERROR_SUBSCRIPTION_NOT_FOUND.

• fix: Remote monitoring doesn’t work in Android Browser 4.1
• fix: JS agent script encoding can change the canvas fingerprint, that can reduce accuracy in rare cases
• Add internal request encryption
• Improve the fingerprinting performance

• Fix incognito detection in some browsers based on Blink
• Decrease the chance of getting send() call timeout by decreasing the TLS request timeout
• Improve the fingerprinting performance

• Increase the TLS request stability by retrying
• Decrease the chance of getting get() call timeout by decreasing the TLS request timeout
• fix: Monitoring reports aren’t sent sometimes

• Improve the accuracy of Chrome incognito detection
• Add the requestId field to errors emitted by the servers
• Make JS agent easier to use in server side rendering environments like Next.js and Gatsby

• Fix cookie SameSite attribute warnings in Firefox
• Increase the accuracy of Chrome incognito detection
• Add the requestId field to errors emitted by the servers

• Add JS agent constants for the new request filtering errors
• Fix cookie SameSite attribute warnings in Firefox
• Improve the identification mechanism

• fix: FP.load() takes a huge time to run in some conditions
• Handle cases where navigator.deviceMemory is a string

• fix: load() takes a huge time to run in some conditions
• Handle cases where navigator.deviceMemory is a string

• Add more information to JS agent monitoring

• Add an experimental API for JS agent debugging. We can use it to analyze agent operation on your side and solve problems faster. Contact support for more details.
• The minimal supported version of TypeScript is 4.0.0.
• Amend Safari private mode detection. It always detected incognito: true in desktop Safari controlled by Karma or BrowserStack Automate.

• Amend Safari private mode detection. It always detected incognito: true in desktop Safari controlled by Karma or BrowserStack Automate.

• Increased stability of the audio fingerprint component on iPhone
• Made JS agent use a TLS server located in Europe when the region is set to EU, for example:
  NPM installation

  CDN installation

  Copy

  Ask AI

  import { FP } from '@fp-pro/client';
  
  FP.load({
      client: 'your-token',
      region: 'eu'
  })
  
• Added an option to set a custom TLS endpoint:
  NPM installation

  CDN installation

  Copy

  Ask AI

  import { FP } from '@fp-pro/client';
  
  FP.load({
      client: 'your-token',
      tlsEndpoint: 'https://mytls.example.com'
  })
  

• Increased stability of the audio fingerprint component on iPhone
• Made JS agent use a TLS server located in Europe when the region is set to EU, for example:
  JavaScript

  Copy

  Ask AI

  FingerprintJS.load({
      token: 'your-token',
      region: 'eu'
  })
  
• Added an option to set a custom TLS endpoint:
  JavaScript

  Copy

  Ask AI

  FingerprintJS.load({
      token: 'your-token',
      tlsEndpoint: 'https://mytls.example.com'
  })
  

• fix: Incognito detection doesn’t work in mobile Safari 13 and newer

• fix: It’s impossible to set an endpoint that is relative to the current domain in the FingerprintJS.load() function. For example, the following code didn’t work:
  JavaScript

  Copy

  Ask AI

  const fp = await FingerprintJS.load({ token: 'your-token', endpoint: '/metrics' })
  const result = await fp.get()
  
  Warning. If you set the endpoint option to something like metrics.example.com, it will break because this is not an expected behavior. Change the endpoint to https://metrics.example.com.

• fix: An error that occurs in a very rare case when navigator.permissions is present while window.Notification isn’t.
• Handle cases where new Date().getTimezoneOffset() returns a string
• fix: Visitor identifier can change due to a daylight saving time shift

• Unexpected entropy component errors are printed in the debug mode of the JS agent. Such errors should be reported to us.
• Support elder browsers like IE 11, Chrome 42 and Firefox 48 (a Promise polyfill is required)
• Handle cases where new Date().getTimezoneOffset() returns a string
• fix: Getting the visitor identifier takes a huge time in some conditions

• The JS agent API is changed to provide a simple transition from the open-source version of the agent.
• The installation methods have been unified so that they have same options and same usage methods. Also we’ve added a couple new ways to install.
• Result and error handling has been simplified. A single value type is returned (resolved) and a single value type is thrown (rejected). The agent throws error only when a visitor identification fails due to incorrect agent setup or network issues; special kinds of visitors don’t cause errors.

• From FingerprintJS Pro version 2
• From FingerprintJS Open-Source version 3
• From FingerprintJS Open-Source version 2