Checking if an object should resist fingerprinting is ideally done by referencing the Document’s ShouldResistFingerprinting method. This is both fast and correct. In certain other situations, you may need to call some of the nsContentUtils::ShouldResistFingerprinting functions. When doing so, you should avoid calling either of the functions marked dangerous.

As you can see in the callgraph below, directly calling a dangerous function will skip some of the checks that occur further up-stack.

graph TD SRFP["ShouldResistFingerprinting()"] click SRFP href "" SRGP_GO["ShouldResistFingerprinting(nsIGlobalObject* aGlobalObject"] click SRGP_GO href "" GO_SRFP["nsIGlobalObject*::ShouldResistFingerprinting()"] click GO_SRFP href "" Doc_SRFP["Document::ShouldResistFingerprinting()<br />System Principal Check"] click Doc_SRFP href "" SRFP_char["ShouldResistFingerprinting(const char*)"] click SRFP_char href "" SRFP_callertype_go["ShouldResistFingerprinting(CallerType, nsIGlobalObject*)<br />System Principal Check"] click SRFP_callertype_go href "" SRFP_docshell["ShouldResistFingerprinting(nsIDocShell*)"] click SRFP_docshell href "" SRFP_channel["ShouldResistFingerprinting(nsIChannel*)<br />ETPSaysShouldNotResistFingerprinting Check<br />CookieJarSettingsSaysShouldResistFingerprinting Check"] click SRFP_channel href "" SRFP_uri["ShouldResistFingerprinting_dangerous(nsIURI*, OriginAttributes)<br />PBM Check<br />Scheme (inc WebExtension) Check<br />About Page Check<br />URI & Partition Key Exempt Check"] click SRFP_uri href "" SRFP_principal["ShouldResistFingerprinting_dangerous(nsIPrincipal*)<br />System Principal Check<br />PBM Check<br />Scheme Check<br />About Page Check<br />Web Extension Principal Check<br />URI & Partition Key Exempt Check"] click SRFP_principal href "" SRFP_principal --> |null| SRFP_char SRFP_uri --> |null| SRFP_char SRFP_channel -->|null| SRFP_char SRFP_channel --> |Document Load| SRFP_uri SRFP_channel --> |Subresource Load| SRFP_principal SRFP_docshell -->|null| SRFP_char SRFP_docshell --> Doc_SRFP SRFP_callertype_go --> SRGP_GO SRFP_char --> SRFP SRGP_GO -->|null| SRFP_char SRGP_GO --> GO_SRFP GO_SRFP --> |innerWindow, outerWindow| Doc_SRFP Doc_SRFP --> SRFP_channel

Exemptions and Targets

Fingerprinting Resistance takes into account many things to determine if we should alter behavior:

  • Whether we are the System Principal

  • Whether we are a Web Extension

  • Whether Fingerprinting Resistance is applied to all browsing modes or only Private Browsing Mode

  • Whether the specific site you are visiting has been granted an exemption (taking into account the framing page)

  • Whether the specific activity is granted an exemption

All callsites for ShouldResistFingerprinting take a (currently) optional RFPTarget value, which defaults to Unknown. While arguments such as Document or nsIChannel provide context for the first four exemptions above, the Target provides context for the final one. A Target is a Web API or an activity - such as a Pointer Event, the Screen Orientation, or plugging a gamepad into your computer (and therefore producing a gamepadconnected event). Most Targets correlate strongly to a specific Web API, but not all do: for example whether or not to automatically reject Canvas extraction requests from third parties is a separate Target from prompting to reject canvas extraction.

In some situations we may not alter our behavior for a certain activity - this could be based on the fingerprinting resistance mode you are using, or per-site overrides to correct breakage. Targets are defined