Permissions API Fingerprinting: How Your Browser’s Permission States Create a Unique Identity
Permissions API fingerprinting is a subtle yet powerful tracking technique that exploits the navigator.permissions.query() method to map the permission states of various browser APIs — camera, microphone, geolocation, notifications, MIDI, clipboard, and more. The resulting “permission state matrix” reflects each user’s unique history of granting, denying, and ignoring permission prompts across different websites, creating a fingerprint that persists even after cookies are cleared.
In 2026, as browsers tighten controls on traditional fingerprinting vectors like canvas and WebGL, permissions API fingerprinting has grown in importance. It’s particularly effective because the permission states themselves are a byproduct of normal user behavior — every time you click “Allow” or “Block” on a permission dialog, you’re adding a bit of entropy to your fingerprint. This guide provides a comprehensive technical analysis of how permission-based fingerprinting works, the specific APIs exploited, cross-origin leakage vulnerabilities, timing-based attacks, and how antidetect browsers must manage permission states to remain undetectable.
Understanding the Permissions API
The Permissions API, standardized by the W3C, provides a programmatic way for websites to query the current permission state for various browser features. Instead of attempting to use an API and handling the resulting error or prompt, a script can call navigator.permissions.query() to check the permission state silently and without triggering any user-visible prompt.
The Three Permission States
Each permission can exist in one of three states:
- “granted” — The user has previously allowed this permission for the current origin. The API can be used without further prompting.
- “denied” — The user has previously blocked this permission for the current origin. The API will fail silently or throw an error.
- “prompt” — No decision has been made. Using the API will trigger a permission dialog.
The critical insight for fingerprinting is that these states are persistent. Once a user grants or denies a permission, that decision typically survives page reloads, browser restarts, and even some cache-clearing operations. The permission states are stored per-origin (protocol + domain + port), creating an origin-specific permission profile.
Queryable Permissions
The range of permissions that can be queried through the Permissions API has expanded significantly. As of 2026, the following permissions are commonly queryable across major browsers:
| Permission Name | Chrome | Firefox | Safari | Edge | Fingerprinting Value |
|---|---|---|---|---|---|
| geolocation | ✅ | ✅ | ✅ | ✅ | High — commonly prompted |
| notifications | ✅ | ✅ | ✅ | ✅ | Very High — varies widely |
| camera | ✅ | ✅ | ✅ | ✅ | Medium — usually prompt |
| microphone | ✅ | ✅ | ✅ | ✅ | Medium — usually prompt |
| persistent-storage | ✅ | ✅ | ❌ | ✅ | Medium |
| midi | ✅ | ❌ | ❌ | ✅ | High — rarely granted |
| clipboard-read | ✅ | ✅ | ❌ | ✅ | Medium-High |
| clipboard-write | ✅ | ✅ | ❌ | ✅ | Low — often auto-granted |
| accelerometer | ✅ | ❌ | ❌ | ✅ | Medium |
| gyroscope | ✅ | ❌ | ❌ | ✅ | Medium |
| magnetometer | ✅ | ❌ | ❌ | ✅ | Medium |
| background-sync | ✅ | ❌ | ❌ | ✅ | Low — usually granted |
| ambient-light-sensor | ✅ | ❌ | ❌ | ✅ | Medium — uncommon |
| screen-wake-lock | ✅ | ✅ | ❌ | ✅ | Low-Medium |
| push | ✅ | ✅ | ✅ | ✅ | High — reflects notification preferences |
| storage-access | ✅ | ✅ | ✅ | ✅ | Medium-High |
The number of queryable permissions and which ones are supported varies by browser, which itself is a fingerprinting signal. Chrome supports the most permission types, while Safari supports the fewest — this API surface area difference helps identify the browser even before examining the permission states themselves.
The Permission State Matrix as a Fingerprint
When a fingerprinting script queries all available permissions, it constructs a “permission state matrix” — a vector of states (granted/denied/prompt) across all permission types. The entropy of this matrix depends on the number of permission types available and the distribution of states across the user population.
Calculating Entropy
With 16 queryable permissions and 3 possible states each, the theoretical maximum is 3^16 = 43,046,721 unique combinations. In practice, the entropy is lower because many permissions share the same “prompt” state for most users. However, the actual entropy is still substantial — research estimates approximately 8-12 bits of identifying information from permission states alone on Chrome.
The fingerprinting value increases dramatically when you consider that permission states are origin-specific. A user who has granted notification permission to news websites but denied it to e-commerce sites has a different pattern than a user who has denied notifications globally. While a single origin sees only its own permission states, the pattern of states across the permissions it can query still contributes to a unique profile.
Why Some Permissions Are More Valuable Than Others
Not all permissions contribute equally to fingerprinting entropy:
- Notifications — Highest value because users actively decide to allow or block them across many sites. The notification permission state reflects individual user behavior and preferences, varying widely across the population.
- MIDI — High value because it’s rarely requested. A “granted” state for MIDI strongly suggests the user is a musician or audio professional, narrowing the population significantly.
- Camera/Microphone — Medium value. Most users have these in “prompt” state, but video calling users may have them “granted” for specific origins.
- Clipboard-write — Low value because many browsers auto-grant this permission without user interaction, making it “granted” for most users.
- Background-sync — Low value because it’s typically auto-granted and users rarely interact with it directly.
Understanding this entropy distribution is key for anyone studying how browser fingerprinting techniques combine multiple low-entropy signals into high-confidence identifiers.
Cross-Origin Permission Leaks
One of the most concerning aspects of permissions API fingerprinting is the potential for cross-origin information leakage — situations where one website can infer information about a user’s permission decisions on other websites.
Direct Cross-Origin Leaks
The Permissions API is designed to be origin-scoped: each origin can only query its own permission states. However, several leakage vectors have been identified:
- Feature detection timing — Even when a permission is in “prompt” state, the time it takes for the permission query to resolve can vary based on the browser’s internal state, potentially leaking information about recently-prompted permissions on other origins.
- Shared permission delegation — Some permissions (like geolocation) may have system-level settings that affect all origins. If geolocation is disabled at the OS level, all origins see “denied” — leaking OS-level configuration.
- MediaDevices enumeration — When camera/microphone permission is “granted,” the
navigator.mediaDevices.enumerateDevices()API returns full device labels. When in “prompt” state, it returns empty labels. This binary behavior leaks the permission state even without directly querying the Permissions API. For more details, see our guide on media devices fingerprinting.
Iframe Permission Delegation
The Permissions-Policy HTTP header and the iframe allow attribute control which permissions can be used in embedded contexts. When a third-party iframe attempts to query a permission and receives “denied” due to Permissions-Policy restrictions (not user decision), the “denied” state is indistinguishable from a user-denied state in the API response. This creates ambiguity that fingerprinting scripts can sometimes exploit by comparing permission states between top-level and embedded contexts.
Service Worker Permission Persistence
Service workers can query permissions independently of the page that registered them. Since service workers persist across page loads and can run in the background, they maintain access to permission states even after the user has navigated away. This persistence mechanism means that permission-based fingerprints survive page navigation and can be checked asynchronously.
Timing Attacks on Permission Checks
The time required for navigator.permissions.query() to resolve varies based on several factors that can leak information:
Query Resolution Timing
When a permission has been explicitly set (granted or denied), the query typically resolves faster than when the permission is in the default “prompt” state. This timing difference — often just a few microseconds — can be measured using performance.now() to infer whether the user has previously interacted with a permission prompt, even before examining the returned state.
Batch Query Timing Patterns
Querying all permissions simultaneously (using Promise.all()) and measuring the total resolution time reveals information about the browser’s internal permission storage mechanism. Browsers that store permissions in SQLite databases show different timing patterns than those using in-memory caches, helping identify the browser engine and version.
Permission Change Event Timing
The PermissionStatus object returned by navigator.permissions.query() has an onchange event handler that fires when the permission state changes. The timing of this event — how quickly it fires after the user interacts with a permission prompt — varies by browser and can be measured. This is part of the broader category of tracking without cookies that relies on behavioral and timing signals.
Historical Permission Patterns and Behavioral Profiling
Beyond the current snapshot of permission states, the pattern of permission decisions over time reveals behavioral characteristics that contribute to user identification.
Permission Decision Consistency
Users develop habits around permission prompts. Some users always deny notification permissions. Others always grant camera access. These behavioral patterns create a “permission personality” that is consistent across websites and resistant to surface-level countermeasures. A user who has denied notifications on 50 websites and granted them on 2 has a very different profile from a user who has granted notifications everywhere.
Permission Prompt Interaction Timing
The time between when a permission prompt appears and when the user responds (the “decision latency”) is a behavioral biometric. Users who immediately deny prompts differ from those who consider them carefully. While individual websites can only measure interaction time for their own prompts, the resulting permission state (quick deny vs. considered grant) indirectly encodes this timing information.
Permission Revocation Patterns
Some users proactively manage their permissions, revoking previously-granted access through browser settings. This behavior leaves traces: a permission that was “granted” and later changed to “denied” (through the browser settings) may behave differently from one that was directly “denied” when first prompted. The onchange event fires when permissions are revoked, and some tracking scripts monitor for these changes as additional fingerprinting signals.
How Fingerprinting Scripts Implement Permission Probing
Real-world permission fingerprinting scripts follow a systematic approach:
Step 1: API Availability Check
The script first checks whether navigator.permissions exists. Its absence immediately narrows the browser identification (older browsers, some privacy-focused forks). The availability of the query() method and specific permission names provides further classification signals.
Step 2: Comprehensive Permission Query
The script queries all known permission names, including experimental and non-standard ones. Importantly, the errors returned for unsupported permission names are valuable fingerprinting data. Different browsers throw different error types (TypeError vs. DOMException) with different error messages for unknown permissions, leaking browser engine and version information.
Step 3: State Matrix Construction
For each successful query, the script records the permission state and the PermissionDescriptor details. Some permissions accept additional parameters — for example, the push permission can be queried with { name: 'push', userVisibleOnly: true }. The behavior when querying with different parameter combinations adds more fingerprinting entropy.
Step 4: Cross-Referencing with Feature Detection
The script cross-references permission states with actual API availability:
- If
notificationsis “granted,” doesnew Notification()actually work? - If
camerais “granted,” doesnavigator.mediaDevices.getUserMedia({ video: true })succeed? - If
geolocationis “granted,” doesnavigator.geolocation.getCurrentPosition()resolve?
How Send.win Helps You Master Permissions Api Fingerprinting
Send.win makes Permissions Api Fingerprinting simple and secure with powerful browser isolation technology:
- Browser Isolation – Every tab runs in a sandboxed environment
- Cloud Sync – Access your sessions from any device
- Multi-Account Management – Manage unlimited accounts safely
- No Installation Required – Works instantly in your browser
- Affordable Pricing – Enterprise features without enterprise costs
Try Send.win Free – No Credit Card Required
Experience the power of browser isolation with our free demo:
- Instant Access – Start testing in seconds
- Full Features – Try all capabilities
- Secure – Bank-level encryption
- Cross-Platform – Works on desktop, mobile, tablet
- 14-Day Money-Back Guarantee
Ready to upgrade? View pricing plans starting at just $9/month.
Mismatches between the reported permission state and actual API behavior indicate either spoofing or browser bugs — both of which are identifying information.
Step 5: Change Monitoring
The script attaches onchange handlers to all queried permissions and keeps them active for the duration of the page session. Any permission changes during the session are logged and reported, providing real-time updates to the fingerprint. This is particularly useful for tracking users across tab switches and settings changes.
Defending Against Permissions API Fingerprinting
Effective defense against permission-based fingerprinting requires careful management of permission states across browser profiles.
Naive Approaches That Fail
Simply reporting all permissions as “prompt” (the default state) is detectable because real browsers don’t have all permissions in “prompt” state. Users who have browsed the web for any length of time will have made decisions on at least some permissions (particularly notifications, which are prompted aggressively by many websites). An all-“prompt” profile looks like a freshly installed browser — which itself is a fingerprinting signal.
Consistent Permission State Profiles
A more sophisticated approach is to maintain a realistic permission state profile for each browser identity. This means:
- Setting some permissions to “denied” — Particularly notifications, which most users have blocked on the majority of sites
- Keeping most permissions at “prompt” — Camera, microphone, MIDI, and sensor permissions are rarely interacted with on most sites
- Matching permission states to the browser profile — If the profile claims to be Firefox, only permissions supported by Firefox should be queryable. Querying Chrome-specific permissions on a Firefox profile should return appropriate errors.
- Ensuring cross-API consistency — If camera permission is “granted,” the MediaDevices API should return device labels. If geolocation is “denied,” the Geolocation API should fail with an appropriate error.
Permission State Persistence
Permission states must be persistent within a browser profile. If a fingerprinting script queries permissions on Monday and gets a specific state matrix, the same matrix should be returned on Tuesday. Randomly changing permission states between sessions is a clear indicator of spoofing.
The Antidetect Browser Challenge
For antidetect browsers managing multiple profiles, the challenge is creating and maintaining diverse, realistic permission state profiles at scale. Each profile needs a unique but plausible combination of permission states that:
- Remains consistent across sessions
- Is compatible with the claimed browser and OS
- Matches the behavior of actual APIs when tested
- Doesn’t contradict other fingerprinting signals
- Evolves naturally if the profile “visits” sites that prompt for permissions
Browser Mitigations and Privacy Standards
Browser vendors have begun addressing permission fingerprinting through several mechanisms:
Permission Partitioning
Some browsers are experimenting with partitioning permission states by top-level site, similar to cookie partitioning. Under this model, the same origin would have different permission states when embedded as an iframe on different top-level sites, reducing cross-site tracking capability.
Permission Prompt Suppression
Browsers increasingly suppress permission prompts from untrusted or newly-visited sites. Chrome’s “quieter notification permissions” feature automatically silences notification prompts on sites where the user is likely to block them (based on global block rates). This reduces the number of permission decisions users make, limiting the entropy available for fingerprinting.
Reducing Queryable Permissions
Privacy-focused browsers like Brave and Tor Browser limit the permissions that can be queried through the API, reducing the available fingerprinting surface. Some proposals suggest requiring a user gesture before allowing permission queries, similar to how iOS requires a user gesture for DeviceMotion access.
W3C Permissions Specification Updates
The W3C Permissions specification is being updated to address fingerprinting concerns. Proposed changes include requiring permission queries to resolve asynchronously (preventing timing attacks), standardizing error messages for unknown permissions (preventing browser identification through error fingerprinting), and potentially limiting the number of permissions that can be queried per page load. The broader challenge of browser tracking methods is driving these specification improvements across multiple APIs.
Permission Fingerprinting in the Context of Multi-Account Management
For users managing multiple accounts — whether for social media marketing, e-commerce, or ad verification — permission state consistency is critical. If two “different” accounts produce identical permission state matrices when accessed from the same browser, the platform can link them as belonging to the same user.
This is where dedicated antidetect browser profiles become essential. Each profile must maintain its own independent set of permission states that:
- Are distinct from each other (no two profiles should have identical permission matrices)
- Are internally consistent (permission states match API behavior)
- Are persistent across sessions (the same profile always returns the same states)
- Are realistic for the claimed browser/OS combination
Send.win addresses this by configuring consistent permission states per profile. Each cloud browser profile maintains its own permission storage, ensuring that permission queries return a unique, persistent, and realistic state matrix. Because each profile runs as an isolated browser instance, there’s no risk of cross-profile permission leakage — a fundamental advantage over extension-based antidetect approaches that share the same browser’s permission storage.
Advanced Permission Fingerprinting Techniques for 2026
Fingerprinting scripts continue to evolve. Here are emerging techniques to be aware of:
Permission Descriptor Enumeration
Beyond querying known permission names, scripts probe for undocumented or experimental permissions. Each browser version supports a slightly different set of permission descriptors. The exact set of supported descriptors (including which return errors and what type of errors) creates a precise browser version fingerprint.
Web Worker Permission Queries
Permissions can be queried from within Web Workers and Service Workers. The behavior of permission queries in these contexts — whether they resolve, what states they return, and how quickly they resolve — may differ from the main thread, providing additional fingerprinting data.
Permission Policy Header Analysis
While websites can’t read the Permissions-Policy headers sent by other sites, they can probe for the effects of these headers. By attempting to use various APIs and checking whether they’re blocked by Permissions-Policy, a script can infer something about the user’s browsing context and the security posture of the embedding site.
Notification API Deep Fingerprinting
When notification permission is “granted,” additional fingerprinting is possible through the Notification API itself. The maximum notification body length, supported notification actions, supported notification images, and notification event timing all vary by browser and OS, providing secondary fingerprinting signals that are only accessible when the notification permission gate has been passed.
🏆 Send.win Verdict
Permissions API fingerprinting turns your everyday browser decisions into a tracking identifier. Every time you allow or block a permission, you’re adding to a unique matrix that identifies your browser profile. Send.win neutralizes this threat by configuring consistent, realistic permission states for each cloud browser profile. Because each profile runs as a fully isolated browser instance with its own permission storage, there’s no cross-profile leakage and no risk of shared permission states linking your accounts. The permission state matrix remains stable across sessions and consistent with all other fingerprinting signals in the profile.
Try Send.win free today — manage multiple accounts with isolated permission profiles that pass the strictest detection systems.
Frequently Asked Questions
What is Permissions API fingerprinting?
Permissions API fingerprinting is a browser tracking technique that uses navigator.permissions.query() to check the permission states (granted, denied, or prompt) of various browser APIs like camera, microphone, geolocation, notifications, and MIDI. The unique combination of these states across all queryable permissions creates a “permission state matrix” that can help identify and track users, even after cookies are cleared.
How many bits of entropy do permission states provide?
Research estimates that permission states provide approximately 8-12 bits of identifying information on Chrome, which supports the most queryable permissions. This means permission states alone can distinguish between roughly 256 to 4,096 different user profiles. While not sufficient for unique identification on their own, they significantly boost the accuracy of combined fingerprinting techniques that incorporate canvas, WebGL, font enumeration, and other signals.
Can clearing cookies reset my permission fingerprint?
Not typically. Permission states are stored separately from cookies and are not cleared by standard cookie-clearing operations. In most browsers, clearing permissions requires visiting the browser settings and manually resetting them per-site, or using the “clear all site data” option. Even then, the user’s tendency to make the same permission decisions (their “permission personality”) means the fingerprint often reconverges to a similar state after normal browsing.
Which permission is most valuable for fingerprinting?
The notification permission is generally the most valuable for fingerprinting because it has the highest variance across users. Many websites aggressively prompt for notification permission, and users develop strong habits around these prompts — some always deny, some grant selectively, and some ignore them. This high variance means the notification permission state provides the most identifying information per bit. The MIDI permission is also valuable because it’s rarely requested, making a “granted” state highly distinctive.
How do antidetect browsers handle permission fingerprinting?
Sophisticated antidetect browsers configure independent permission states for each browser profile. This involves setting realistic permission state combinations that are consistent with the claimed browser type, ensuring permission states persist across sessions, and verifying that the permission states match actual API behavior (e.g., if camera is “granted,” the MediaDevices API should work). Cloud-based solutions like Send.win handle this through isolated browser instances that maintain their own permission storage.
Can websites detect permission state spoofing?
Yes, through several methods. Websites can cross-reference reported permission states with actual API behavior — if the Permissions API reports camera as “granted” but getUserMedia() fails, spoofing is indicated. Timing analysis of permission queries can also detect spoofing if the resolution times don’t match expected patterns. Additionally, the pattern of permission states must be realistic; an all-“prompt” profile or an impossible combination of states (like MIDI “granted” on Safari, which doesn’t support MIDI permission queries) will raise detection flags.
What is a cross-origin permission leak?
A cross-origin permission leak occurs when one website can infer information about a user’s permission decisions on a different website. While the Permissions API is designed to be origin-scoped, leaks can occur through indirect channels: system-level permission settings affect all origins, MediaDevices behavior varies based on camera/microphone permission state, and timing differences in permission query resolution can leak internal browser state. These leaks enable tracking beyond the intended scope of the API.
How does Send.win manage permission states across profiles?
Send.win configures consistent permission states for each cloud browser profile. Each profile runs as a fully isolated browser instance with its own independent permission storage, meaning permission states are unique per profile, persistent across sessions, and cannot leak between profiles. The permission states are configured to be realistic for the claimed browser and OS combination, and they align with the behavior of the actual APIs they control — ensuring that cross-referencing checks by fingerprinting scripts find no inconsistencies.
