whatisgithub

What is evercookie?

samyk/evercookie — explained in plain English

Analysis updated 2026-06-26

4,720JavaScriptAudience · developerComplexity · 3/5Setup · moderate

In one sentence

Evercookie is a JavaScript research library that stores a tracking identifier in over a dozen browser locations simultaneously so that clearing standard cookies alone cannot remove it, a technical demonstration of browser storage depth.

Mindmap

mindmap
  root((evercookie))
    What it does
      Persistent tracking ID
      Multi-storage sync
    Storage locations
      HTTP cookies
      Local storage
      Canvas PNG
    Backend
      PHP ETag scripts
      Cache headers
    Use Cases
      Security research
      Privacy testing
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study how many separate storage mechanisms exist in a browser by examining Evercookie's source code.

USE CASE 2

Test your browser's privacy tools by seeing which storage locations survive a cookie-deletion pass.

USE CASE 3

Use as a reference to understand which browser APIs can be exploited for persistent storage.

USE CASE 4

Build a privacy-auditing tool that checks which Evercookie storage mechanisms your browser has already patched.

What is it built with?

JavaScriptPHP

How does it compare?

samyk/evercookieredux-utilities/flux-standard-actionjsonresume/resume-cli
Stars4,7204,7184,714
LanguageJavaScriptJavaScriptJavaScript
Setup difficultymoderateeasyeasy
Complexity3/51/51/5
Audiencedeveloperdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Some mechanisms require a PHP server for ETag, cache, and canvas PNG backends, Java cross-browser features need a companion repository.

So what is it?

Evercookie is a JavaScript library that creates extremely persistent tracking identifiers in a browser. It stores a unique value across as many browser storage locations as possible at once, so that even if a user deletes their standard cookies, Flash cookies, or HTML5 storage, the identifier can be restored from any copy that survives. The approach works by writing the same value to more than a dozen different places: standard HTTP cookies, HTML5 local and session storage, IndexedDB, Flash Local Shared Objects, Silverlight isolated storage, HTTP ETags, browser cache, canvas PNG data, and more. If any one of those copies survives a cleanup, evercookie reads it and re-writes the value to all the others. The result is that clearing cookies in the usual way does not actually remove the identifier. Some mechanisms require a server-side component. The repository includes PHP scripts for the ETag, cache, and canvas PNG backends. Node.js and Django ports exist as separate projects. The Java-based mechanisms, which can even share identifiers across different browsers on the same machine, are maintained in a companion repository. The library is a research and demonstration project by Samy Kamkar. The README is direct about the risks: some mechanisms load Flash or Silverlight on page load, which can slow older machines significantly, and the CSS history approach can trigger a large number of HTTP requests. The author notes that using evercookie on real websites can damage user trust and reputation. Browser vendors have steadily closed many of the storage loopholes this project relies on, so a number of mechanisms no longer work in modern browsers. Several future ideas are listed in the README as unimplemented. The project is best understood as a technical demonstration of how many separate browser storage locations exist, rather than a tool meant for production use.

Copy-paste prompts

Prompt 1
Using samyk/evercookie as a reference, list all the browser storage locations it writes to and explain which ones modern browsers have blocked.
Prompt 2
I want to understand how ETag-based tracking works. Based on the evercookie codebase, explain the technique and show me the PHP backend code that enables it.
Prompt 3
How does evercookie restore a deleted identifier using canvas PNG data? Walk me through the JavaScript mechanism step by step.
Prompt 4
I'm building a privacy audit tool. Using evercookie as a reference, write a JavaScript function that checks which browser storage APIs are available and writable.

Frequently asked questions

What is evercookie?

Evercookie is a JavaScript research library that stores a tracking identifier in over a dozen browser locations simultaneously so that clearing standard cookies alone cannot remove it, a technical demonstration of browser storage depth.

What language is evercookie written in?

Mainly JavaScript. The stack also includes JavaScript, PHP.

How hard is evercookie to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is evercookie for?

Mainly developer.

Open on GitHub → Ask about another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.