Skip to content
Is your browser safe against tracking?
Branch: master
Clone or download
Type Name Latest commit message Commit time
Failed to load latest commit information.
tracking Application changes for py3.6 Jan 24, 2019
.gitignore Gitignore .cache dir Jan 31, 2019
.gitlab-ci.yml Force build/deploy to happen on same node Jan 24, 2019
LICENSE Merge pull request #6 from Ryuno-Ki/Default-text-colour Jan 30, 2019 Remove session_lifetime, enforce sessions have the same lifetime as t… Feb 1, 2019 Fix: make minimum length of JS-derived columns to be 16, to fit 'no j… Feb 15, 2019
docker-compose.yml Remove obsolete links from compose file Feb 22, 2019 Remove session_lifetime, enforce sessions have the same lifetime as t… Feb 1, 2019
gunicorn.conf Adding gunicorn support Feb 20, 2019


How Unique - and Trackable - Is Your Browser?


The easiest way to set up an instance of Panopticlick is with docker and docker-compose, but it can be installed on a host machine if desired.

Partial Installation on Host

You may need to install libmysqlclient-dev and python-dev for Debian-based systems.

pip install -r requirements.txt

Then modify the relevant variables in

Now, you can run


Full Docker Installation

To generate self-signed certificates for the Panopticlick hosts, cd into examples/nginx and run


Change each of the secrets in docker/secrets/ to a random value.

Then, from the git root, run

docker-compose up

Admin Routes

The following routes allow you to perform administrative tasks on the application. For each of the following curl commands, be sure to change the password to what you've set as the admin password in your or docker-compose.yml file. Remove the --insecure flag in production.

POST /refresh-key

To have the application re-read the keyfile, which contains the key to the HMAC function for storing IP addresses, issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure

POST /migrate-db

To migrate the database to the latest version of the application, issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure

POST /epoch-update-totals

To update the totals table to reflect the number of times we've seen each fingerprinting characteristic in the last epoch (45 days), issue the following command:

curl -X POST -H 'Content-Type: application/json' -d '{"password": "changeme"}' --insecure

Viewing Locally

Unless you've changed the server names specified in, you'll have to add the following line to your /etc/hosts file:

If you generated the certs yourself, in Firefox you'll have to go into private browsing mode to see the "I Understand the Risks" dialogue. You may also have to manually go to each of the above domains and go through the certificate exception process for each one in order for the application to be fully functional. Or with chrome, you can start chrome with the --ignore-certificate-errors flag, but beware this will ignore all certificate errors.


This project is licensed under the Affero General Public License, version 3. See the LICENSE file for details.


This is a rewrite of the original Panopticlick codebase, developed by Peter Eckersley at the Electronic Frontier Foundation. Currently maintained by William Budington.

You can’t perform that action at this time.