@jtfell
Created July 5, 2017 12:00
var $ = require('jquery');
// Base domain for the per-bit hosts: checkBit() and setBit() request
// '<bit index>.' + DOMAIN, i.e. one numbered subdomain per bit of the identifier.
var DOMAIN = 'example-domain.com';
/**
 * Produce a random identifier of four lowercase hexadecimal digits.
 *
 * Despite the name this is a 16-bit value, not a GUID/UUID, and it is drawn
 * from Math.random(), which is not a cryptographically secure source.
 *
 * @returns {string} Four hex characters.
 */
function guid() {
  // Values fall in [0x10000, 0x1ffff], so the hex form always has five digits;
  // the leading "1" exists only to keep the zero padding and is dropped below.
  var raw = Math.floor((Math.random() + 1) * 0x10000);
  var hex = raw.toString(16);
  return hex.slice(1);
}
/**
 * Convert a string of binary digits into its base-4 representation.
 *
 * NOTE(review): the output radix is 4, while guid() emits hexadecimal, so the
 * two encodings do not round-trip as written.
 *
 * @param {string} num - Binary digits, e.g. "1011".
 * @returns {string} The same value written in base 4 ("NaN" if unparsable).
 */
function bin2guid(num) {
  var value = parseInt(num, 2);
  return value.toString(4);
}
/**
 * Convert a base-4 identifier string into a string of binary digits.
 *
 * Only the first "-" is stripped (String.prototype.replace with a string
 * pattern), parsing stops at the first character that is not a base-4 digit,
 * and leading zero bits are not preserved in the result.
 *
 * @param {string} num - Identifier to convert.
 * @returns {string} Binary digits, or "NaN" when no base-4 digit leads the input.
 */
function guid2bin(num) {
  var withoutDash = num.replace('-', '');
  var value = parseInt(withoutDash, 4);
  return value.toString(2);
}
/**
 * Request the plain-http URL of one numbered subdomain and report the outcome
 * as a bit. By the author's design, a successful request means the browser has
 * an HSTS entry cached for that host (encoded as 1); a failed request means it
 * has not (encoded as 0).
 *
 * Privacy note: reading HSTS state like this turns a transport-security
 * mechanism into a cross-site identifier (the "supercookie" named in setId),
 * which is the behaviour to look for when auditing third-party scripts.
 *
 * @param {number|string} bit - Subdomain label, i.e. the bit index.
 * @param {*} list - Not used by this function.
 * @param {function(number): void} cb - Called with 1 on success, 0 on failure.
 */
function checkBit(bit, list, cb) {
  var probeUrl = 'http://' + bit + '.' + DOMAIN;
  var request = $.get(probeUrl);
  request.done(function () {
    cb(1);
  });
  request.fail(function () {
    cb(0);
  });
}
/**
 * Request the https URL of the numbered subdomain when the matching position
 * of the binary id holds a "1"; positions holding anything else trigger no
 * request. The response is not inspected.
 *
 * @param {string} binId - Identifier as a string of binary digits.
 * @param {number} bit - Position in binId, also used as the subdomain label.
 */
function setBit(binId, bit) {
  var isSet = binId.charAt(bit) === '1';
  if (!isSet) {
    return;
  }
  $.ajax('https://' + bit + '.' + DOMAIN);
}
/**
 * Probe subdomains 0 through 3 one after another, join the four resulting
 * bits into a binary string, and hand its bin2guid() form to the callback.
 *
 * Only four bits are read here, whereas setId() writes one bit per character
 * of guid2bin()'s output.
 *
 * NOTE(review): checkBit is declared as (bit, list, cb) but is called here
 * with two arguments, so the function below arrives as `list` and `cb` is
 * undefined inside checkBit.
 *
 * @param {function(string): void} cb - Receives the reconstructed identifier.
 */
function getId(cb) {
  var TOTAL_BITS = 4;
  var collected = [];

  // Each probe starts only after the previous one has reported its bit.
  function readNext(index) {
    checkBit(index, function (value) {
      collected.push(value);
      if (collected.length < TOTAL_BITS) {
        readNext(index + 1);
        return;
      }
      cb(bin2guid(collected.join('')));
    });
  }

  readNext(0);
}
/**
 * Generate a new identifier and call setBit() once per position of its
 * binary form, which issues an https request for every position holding "1".
 *
 * NOTE(review): guid() returns hexadecimal, but guid2bin() parses its input
 * as base 4, so the stored bits do not necessarily encode the returned id.
 *
 * @returns {string} The identifier exactly as produced by guid().
 */
function setId() {
  var id = guid();
  var binId = guid2bin(id);

  // One setBit() call per character of the binary string, in index order.
  binId.split('').forEach(function (unused, index) {
    setBit(binId, index);
  });

  // The caller gets the id as generated, not the binary form.
  return id;
}