Fingerprinting has been widely adopted by first- and third-party websites for the purpose of online tracking. It collects properties of operating systems, browsers, and even the hardware, for generating unique identifiers for visitors on websites. However, fingerprinting has raised both privacy and security concerns. In this paper, we present a traffic-based fingerprinting detection framework, FPExcavator. By analyzing the difference on values carried in outgoing requests from different browsers and machines, FPExcavator detects possible identifiers, as the generated fingerprints, in request header and payload. We implemented FPExcavator with OpenStack, Java, and some command scripts, and evaluated it on 100 websites in a lab setting and 100 websites selected from real-world. FPExcavator achieved 100% detection accuracy rate on 100 testing websites and 99% detection accuracy rate on 100 real-world websites. Meanwhile, it identified 12 new online tracking domains that have not been reported by previous research work. The evaluation results demonstrate that FPExcavator is useful and effective.