Understanding the clientside script from Marc Lou's datafa.st
Published at May 16, 2025
Introduction
Marc Lou’s datafa.st script collects and sends different data about you to the datafa.st application. The customer of datafa.st can then view the traffic information on their datafa.st dashboard.
The following data is collected about you:
- Viewport (screen height and screen width)
- Referrer
- Url
Renaming the variables
So the script on the client has some weird variable names. This might be done to spare some bytes or as a minor obfuscation attempt. After looking through the code and checking what the different functions do, I found the following interesting functions.
This function is what creates the clients fingerprint. The fingerprint sends referrer and viewport as well as some other data. The fingerprint also includes a session cookie that lasts for 30 minutes at a time and a visitor id cookies that lasts for a year.
// Gets fingerprinting information
function fingerprinting_array() {
const url = window.location.href;
if (!url) return void console.warn(
'DataFast: Unable to collect href. This may indicate incorrect script implementation or browser issues.'
);
// Information array for server
const fingerprint_array = {
websiteId: website_id,
domain: domain,
href: url,
referrer: document.referrer ||
null,
viewport: {
width: window.innerWidth,
height: window.innerHeight
}
},
visitor_id_cookie = function () {
let cookie_value = cookie_value('datafast_visitor_id');
// If no cookie, create new cookie with visitor_id
cookie_value ||
(
cookie_value = 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(
/[xy]/g,
(
function (cookie_value) {
const random_number = 16 * Math.random() | 0;
return ('x' == cookie_value ? random_number : 3 & random_number | 8).toString(16)
}
)
),
create_cookie('datafast_visitor_id', cookie_value, 365)
);
return cookie_value
}(),
session_id = session_id_create_or_value();
return fingerprint_array.visitorId = visitor_id_cookie,
fingerprint_array.sessionId = session_id,
fingerprint_array
}