Note: For privacy, most modern browsers report no plugins or only a built-in PDF viewer.
Browser plugins are add-on software that extends browser capabilities (Flash, Java, PDF readers, etc.). The navigator.plugins API exposes their names and details. This is HIGHLY identifying because:
Browser plugins (NPAPI plugins) were popular from the 1990s to the 2010s for extending browser functionality. Common examples:
Plugins had full system access, leading to malware and exploits. Flash was the #1 vector for browser attacks.
Plugins consumed resources, crashed frequently, and slowed down browsers.
HTML5, WebGL, WebAssembly, and native video/audio tags made plugins obsolete.
Chrome, Firefox, Edge, and Safari have completely removed plugin support. Only built-in PDF viewers remain. Most users will see: "PDF Viewer" or "Chrome PDF Plugin" or an empty list.
Typical Result: "PDF Viewer" or "Chrome PDF Plugin"
Note: These are built-in, not actual plugins. Everyone has the same list.
Typical Result: Empty list or "PDF.js"
Note: Firefox's built-in PDF viewer. No external plugins supported.
Typical Result: Empty list
Note: Safari removed plugin support years ago.
If you're on an old browser, you might see:
If you see Flash, Java, or Silverlight in your plugin list, you're using an outdated, insecure browser or have legacy software installed. Update immediately!
Before plugins were deprecated, websites used them for:
| Browser | Plugin Support | What navigator.plugins Shows |
|---|---|---|
| Chrome 88+ (2021) | Removed | Only "PDF Viewer" or "Chrome PDF Plugin" |
| Firefox 85+ (2021) | Removed | Empty or "PDF.js" |
| Safari | Removed (2018) | Empty list |
| Edge (Chromium) | Removed (2020) | Only "PDF Viewer" |
| Brave | Removed + Randomized | Fake list or PDF only (anti-fingerprinting) |
| Tor Browser | Spoofed | Reports nothing (blocks fingerprinting) |
| Old Browsers | Supported | Full list of installed plugins (INSECURE!) |
Plugin lists were one of the MOST POWERFUL fingerprinting techniques. Each combination of plugins was nearly unique, enabling precise cross-site tracking without cookies.
With dozens of possible plugins, each combination was essentially a unique ID. Example: "User has Flash 32.0.0.445 + Java 8.291 + Acrobat 2020.013" = 1 in millions
Plugins included version numbers (e.g., "Flash Player 11.2.202.626"), making fingerprints even more specific.
Users rarely installed or uninstalled plugins, so the fingerprint persisted for years.
If you installed Flash system-wide, it appeared in all browsers, linking your Chrome and Firefox identities.
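Added example (not from the original page): a short script that classifies a plugin list the way this page does (empty, built-in PDF only, or exposing real plugins) and shows on constructed sample data why legacy lists singled users out while modern lists do not. The function names, the sample users and the extra built-in viewer names taken from the HTML Standard are assumptions of this example.

```javascript
// Added example. Built-in names: those on this page plus the HTML Standard's fixed list.
const BUILT_IN = new Set([
  "PDF Viewer", "Chrome PDF Plugin", "PDF.js", // named on this page
  "Chrome PDF Viewer", "Chromium PDF Viewer", // HTML Standard (not on this page)
  "Microsoft Edge PDF Viewer", "WebKit built-in PDF",
]);
const LEGACY = /flash|java|silverlight/i; // the plugins this page warns about

// Classify one plugin list; `plugins` is an array of { name, description } objects.
function auditPlugins(plugins) {
  const names = plugins.map((p) => p.name);
  const extra = names.filter((n) => !BUILT_IN.has(n));
  const legacy = extra.filter((n) => LEGACY.test(n));
  let status = "empty";
  if (names.length > 0) status = extra.length === 0 ? "built-in-only" : "exposes-plugins";
  return { status, legacy, updateNeeded: legacy.length > 0 };
}

// What a site could derive from the list: sorted names plus descriptions,
// which is where legacy plugins carried their version strings.
function signature(plugins) {
  return plugins.map((p) => `${p.name}|${p.description || ""}`).sort().join(";");
}

// For each user, how many users in the sample share the same signature.
function anonymitySetSizes(population) {
  const counts = new Map();
  for (const plugins of population) {
    const sig = signature(plugins);
    counts.set(sig, (counts.get(sig) || 0) + 1);
  }
  return population.map((plugins) => counts.get(signature(plugins)));
}

// Constructed sample data, not real measurements.
const modern = [{ name: "PDF Viewer", description: "Portable Document Format" }];
const legacyA = [
  { name: "Shockwave Flash", description: "Shockwave Flash 32.0 r0" },
  { name: "Java(TM) Platform SE 8 U291", description: "Next Generation Java Plug-in" },
];
const legacyB = [{ name: "Shockwave Flash", description: "Shockwave Flash 11.2 r202" }];
const SAMPLE = [modern, modern, modern, [], legacyA, legacyB];

console.log(anonymitySetSizes(SAMPLE));
// In a browser, audit your own list:
if (typeof navigator !== "undefined" && navigator.plugins) {
  console.log(auditPlugins(Array.from(navigator.plugins)));
}
```

In the sample, the three modern users share one signature and blend together, while each legacy list is unique even though both contain Flash, because the version string differs.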
Fortunately, modern browsers have largely eliminated this risk:
If you're on an old browser or have legacy software:
Chrome 88+, Firefox 85+, Safari 14+, Edge 88+
These browsers no longer support plugins, eliminating the risk entirely.
If you have Flash, Java, or Silverlight installed:
Protection: Randomizes plugin list or shows nothing
Effect: Prevents plugin-based fingerprinting
Protection: Reports no plugins to all websites
Effect: All users appear identical
Enable: about:config → privacy.resistFingerprinting = true
Effect: Returns empty plugin list
Visit EFF's Cover Your Tracks to see what plugins your browser exposes.
For everyone: Use Chrome 88+, Firefox 85+, or Safari 14+ (automatic protection)
For privacy-conscious: Use Brave or Firefox with resistFingerprinting
For maximum privacy: Use Tor Browser (completely blocks plugin detection)