A method and system includes: receiving an access request for a protected web application server by the requesting browser application; returning a web page embedded with code that initiates a browser testing session between the requesting web browser and a remote access control server; generating a browser identity inspector based on a selection of two or more predetermined browser identity tests; executing the browser identity inspector to collect runtime environment data of the requesting web browser based on an execution of the selected two or more predetermined browser identity tests at the requesting web browser; compiling the collected runtime environment data into a browser digital fingerprint of the requesting web browser; using the browser digital fingerprint to: identify a browser version and type of the requesting web browser; calculating a browser identity confidence score that indicates a likelihood or a probability that the identified browser version and type is accurate.