What is Fingerprinting?
Fingerprinting is an information-gathering technique that enables threat actors to profile and subsequently attack an application. The relevant data is acquired from the names and values specified in the HTTP header, which ultimately differentiate and profile an application.
Fingerprinting assesses the foundation of a site to determine characteristics such as which server and software are running. Automated bots are often programmed to acquire this information and will also seek:
- URL path case sensitivity
- URL path patterns
- Directories
- Error messages
It’s worth noting that while fingerprinting assesses an application’s important components, it is a less detailed analysis of an application’s working parts than footprinting.
How Does Fingerprinting Work?
Fingerprinting works by analyzing an application through the HTTP header values it sends to a client. For example, an HTTP request to a web server that uses JavaScript will cause the browser to seek information from the site’s server.
A response from this query is sent back to the client and it includes information such as:
- Request method
- Server software
- Server language
- Character encoding scheme
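To see what your own responses give away, the added example below (not part of the original page) parses a constructed HTTP response and reports the headers that disclose server software, server language and character encoding. The audit list of header names, the sample response and the function name `audit_response` are assumptions made for illustration.

```python
import re
from email.parser import Parser

# Assumed audit list: response headers that commonly reveal the stack.
DISCLOSING = {
    "server": "server software",
    "x-powered-by": "server language",
    "x-aspnet-version": "server language",
    "x-generator": "server software",
}
# A dotted version number makes a banner far more useful for profiling.
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample response (not captured from a real site).
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html></html>"
)

def audit_response(raw):
    """Return one finding per header that helps profile the application."""
    head, _, _body = raw.partition("\r\n\r\n")
    _status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name, value in headers.items():
        category = DISCLOSING.get(name.lower())
        if category:
            findings.append({
                "header": name, "category": category, "value": value,
                "has_version": bool(VERSION_RE.search(value)),
            })
    # The charset is needed by clients, so it is reported as informational only.
    charset = headers.get_content_charset()
    if charset:
        findings.append({"header": "Content-Type", "category": "character encoding",
                         "value": charset, "has_version": False})
    return findings

if __name__ == "__main__":
    for f in audit_response(SAMPLE):
        note = "remove or strip version" if f["has_version"] else "review"
        print(f"{f['header']}: {f['value']} ({f['category']}) -> {note}")
```

Headers flagged with a version number are the first candidates to remove or genericize in the web server or framework configuration.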
Active Fingerprinting vs Passive Fingerprinting
There are two ways a threat actor can fingerprint an application: actively or passively.
Active Fingerprinting
Active fingerprinting involves using real client-side applications to gather user agent strings, browser header values, etc., in order to perform detailed analysis of each browser and its version.
Passive Fingerprinting
Passive fingerprinting analyzes existing data from a server instead of actively probing it. It is considerably faster than active fingerprinting, but it offers lower resolution and reduced accuracy.