How to font fingerprinting edge cases reference
- Step 1Confirm WOFF2 determinism — wawoff2 produces deterministic output — same input bytes → same WOFF2 bytes. Hashes stable across re-runs.
- Step 2Check OS-level metadata stripping — Some font tools embed timestamps in the head table. Re-saving the same font produces different bytes (and different hashes) due to the timestamp. Use TTX or fonttools to verify timestamps are zeroed.
- Step 3Beware of font installer round-trips — Installing a font on macOS via Font Book and re-extracting produces different bytes. The OS strips/reorders some tables. Always fingerprint the source binary, not extracts from installed fonts.
Frequently asked questions
Why do different builds produce different hashes for the same font?+
Most likely: the font generator embeds a build timestamp in the head.created or head.modified field. fonttools' --recalc-timestamp=False option keeps timestamps stable across builds.
Can two fonts render identically with different hashes?+
Yes — different byte orderings of OpenType tables, different metadata records, different padding. Functionally identical to the renderer; cryptographically distinct. Hashes catch byte differences, not visual ones.
Is the SRI hash format different from filename hash?+
Yes. Filename: short hex prefix (e.g., abc12345). SRI: full base64 (e.g., sha256-q1w2e3...). The JAD Fingerprinter emits both for the same source bytes.
Privacy first
Every JAD Font tool runs entirely in your browser using opentype.js and the wawoff2 WASM Brotli encoder. Your fonts never leave your device — verified by zero outbound network requests during processing.