Find Out Which Sites Users Have Accessed In Private Browsing Modes

Martin Brinkmann
Oct 3, 2010
Updated • Dec 13, 2014

Private browsing is a relative new feature that allows users to hide their web activities. The mode blocks that browsing session data os stored in the browser or on the computer's hard drive. This for instance means that no data is written to the cache or the cookie storage.

Users naturally feel safer using that mode, but that should not be the case. Why? Because there are means to find out which sites have been accessed in private browsing mode locally.

You see, one feature of the Windows operating system is a DNS cache, that stores domain name and IP links. Without going into to much details, the DNS cache records information about every website that the user opens in a web browser in Windows.

Curious Windows users just need to list the contents of the DNS cache to find out what websites a user has been visiting in private browsing mode. It may require some additional comparison to find the private browsing mode websites, but that requires just some manual work and can be neglected.

Here is how you can display the contents of the DNS cache:

  • Open a command prompt in Windows. The easiest way to do that is to press Windows-R, type cmd and the enter key.
  • Now type the command ipconfig /displaydns in the command prompt and hit enter.
  • This displays all websites that have been stored in the DNS cache. Please note that this includes everything, which means websites in all web browsers, regardless of whether they have been opened automatically (e.g. by a script on the site) or manually by the user and also other programs that connect to the Internet.

Chance is the list is too large for the command line cache. You can use the command ipconfig /displaydns > dns.txt to save the output in the text document dns.txt. It is then possible to open the document in a text editor, to see all records. Opening it in a text editor has other advantages, like being able to search through the records.

Windows offers an option to flush the DNS cache so that all records are deleted from the cache. This is done with the command ipconfig /flushdns.

flush dns

Some programs (like CCleaner) offer options to delete the DNS Cache. It is also possible to write a simple batch file to delete it on shutdown. Let me know if you like an example script that does that.

Windows users who regularly work in private browsing mode should consider clearing their system's DNS cache frequently to protect their privacy.

Find Out Which Sites Users Have Accessed In Private Browsing Modes
Article Name
Find Out Which Sites Users Have Accessed In Private Browsing Modes
Private Browsing modes are not as private as they are supposed to be. This guide provides one option to look up sites visited in the mode.

Previous Post: «
Next Post: «


  1. Stylefashionwomen said on February 15, 2020 at 9:36 am

    Users will then use a second browser for all their web searching and random browsing. On this browser, a user will never log into any website ever. They will never use this browser to personally identify themselves in any way, period. We ll call this your everyday browser. By splitting up your web activity between two browsers, you ll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to. That s because the majority of your web usage will be done in your everyday browser, which, by never logging into any website, will make it extremely hard for data firms to identify you and track your activities especially if you fit your everyday browser out with some hardcore privacy extensions. You can go all out with your privacy settings on your everyday browser : Block all cookies, scripts, and trackers, and always use in it incognito mode. That s because you won t be logging into any sites that require cookies or scripts to be enabled to work.

  2. misha said on April 20, 2016 at 4:15 pm

    same problem here..i cant see what i visited!

  3. Mike said on June 20, 2014 at 5:01 pm

    I personally tried to see if I could find sites I went to under “Private Browsing” but it does not work. I went to 3 different sites but when I wrote it to a txt file and viewed them I could not find it in there. Even after I flushed dns and tried again knowing I should have nothing there except for the private information. As a matter of fact I believe all I was seeing were the banners and ads from the sites I went to. The actual site I typed in was not showing up.


    1. linda said on October 31, 2015 at 5:52 pm

      same problem here Mike

  4. Rachel said on February 9, 2013 at 5:11 am

    how to find out dates with these websites??

  5. lee said on October 6, 2012 at 10:28 pm

    When I try to open this a box flashes up very quickly but then dissapears straight away. Whats happening ?

  6. Kym said on April 20, 2012 at 3:03 am

    Hi, i’ve tried doing the dns.text but when Note pad opens it there is only the sites I just visited. None of the history on my laptop is being deleted so why can I not see other history? Am I just doing something wrong? After doing command I go and find the file and Note pad opens it? Please help. Kym

  7. Anonymous said on February 6, 2011 at 5:18 am

    Um, any help with retrieval on Linux??

  8. Andrew said on October 6, 2010 at 11:22 am

    I just don’t use DNS. Simple as that

  9. Nebulus said on October 5, 2010 at 10:22 am

    I use a simpler solution: i disable “DNS client” service completely. The downside of this action is that I give up having a DNS cache (each application that connects to internet is resolving the addresses directly), but I solve some security issues related to DNS resolver.

  10. FL said on October 4, 2010 at 1:19 pm
    1. Martin said on October 4, 2010 at 1:29 pm

      FL, yes that is another possibility, if the sites make use of Flash cookies. Private browsing is not really that secure, unless you take good care of the temporary data that gets written to the system.

  11. Ross said on October 3, 2010 at 8:43 pm

    That’s like washing your clothes before burning them. DNS cache on Windows is stored only in memory; it does not survive a reboot.

    1. Martin said on October 3, 2010 at 10:02 pm

      Ross yes that is right. Still, the option is valid for users who leave the computer on for days for example, or leave it on while they are not at home.

  12. TRY said on October 3, 2010 at 6:03 pm

    I always do the “ipconfig/flushdns” on command prompt before shutdown :D

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.