Hubbry Logo
User agentUser agentMain
Open search
User agent
Community hub
User agent
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Contribute something
User agent
User agent
User agent
View on Wikipedia
from Wikipedia

On the Web, a user agent is a software agent responsible for retrieving and facilitating end-user interaction with Web content.[1] This includes all web browsers, such as Google Chrome and Safari, some email clients, standalone download managers like youtube-dl, and other command-line utilities like cURL.[2]

The user agent is the client in a client–server system. The HTTP User-Agent header is intended to clearly identify the agent to the server.[2] However, this header can be omitted or spoofed,[2] so some websites use other detection methods.

References

[edit]
Revisions and contributorsEdit on WikipediaRead on Wikipedia

User agent

View on Grokipedia
from Grokipedia
A user agent is any software that retrieves, renders, and facilitates end-user interaction with , acting on behalf of the user in client-server communications such as web browsing. In the context of the Hypertext Transfer Protocol (HTTP), a user agent refers to the client software—such as a , media player, or automated crawler—that originates requests to servers and processes responses. User agents typically include web browsers (e.g., or Chrome), browser extensions, plug-ins, and other applications like media players or web-based readers that handle web resources. A key mechanism for user agents is the User-Agent HTTP request header field, which identifies the originating client software to the server, often including details like product name, version, and operating system to support and compatibility. This header enables servers to select appropriate representations of resources based on the agent's capabilities, while also aiding in , , and issue resolution, though it raises concerns due to potential device fingerprinting. Beyond HTTP, the term extends to protocols like the (SIP), where user agents manage communication sessions, but its primary association remains with web technologies.

Overview

Definition

In computing, particularly within the context of web communications and the Hypertext Transfer Protocol (HTTP), a user agent refers to any client program or software entity that initiates requests to a server on behalf of a user or an automated process. This encompasses a wide range of implementations beyond traditional web browsers, including web crawlers (spiders), command-line tools, mobile applications, and even embedded devices such as household appliances or update scripts. The user agent serves as an intermediary, handling the transmission of requests and the reception of responses to facilitate interactions between the client and server. The term "user agent" can denote either the software component itself or, more specifically, the identifying string conveyed in HTTP headers during network communications. In the latter sense, the field provides a characteristic string that reveals details about the originating client, such as its application type, operating system, vendor, and version, enabling servers to recognize the requester. This header is optional but commonly included in requests to offer contextual information without guaranteeing precise capability detection. Representative examples illustrate the diversity of user agents. A desktop web browser might send (as of November 2025): Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36, identifying a recent Chrome browser on Windows. In contrast, a mobile app could use: Mozilla/5.0 (iPhone; CPU iPhone OS 18_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1 Mobile/15E148 Safari/604.1, signaling a recent iOS Safari instance, while a command-line tool like curl might transmit: curl/8.10.1.

Purpose

The User-Agent header serves primary purposes in enabling server-side content adaptation, protocol negotiation, and compatibility detection within HTTP communications. By including details about the client software, such as product name and version, it allows servers to tailor responses to the requesting user agent's capabilities and limitations, for instance, delivering optimized mobile versions of web pages to devices with constrained screens or processing power rather than full desktop layouts. This adaptation is part of HTTP's proactive mechanism, where servers examine request headers like User-Agent to select appropriate representations without needing further client queries. In the HTTP protocol, the User-Agent is transmitted as a request header to inform servers about the originating client, facilitating statistical tracking, , and the identification of potential protocol issues. This informs servers of client characteristics, enabling compatibility checks to avoid serving content that could cause rendering errors or suboptimal experiences based on known browser or device behaviors. Key benefits include enhanced performance through customized responses that reduce unnecessary data transfer and processing on the client side, support for indirect feature detection via inferred capabilities, and aggregation for on user demographics, such as browser usage trends or device types. However, due to concerns, modern web browsers have implemented User-Agent reduction, providing less detailed information in the header to mitigate fingerprinting risks, and instead promote Client Hints for secure capability negotiation. These advantages promote efficient web interactions while minimizing additional round-trips for capability discovery. Beyond web contexts, the appears in protocols like SIP for VoIP applications, where it identifies the user agent client for purposes such as and aiding proxies in decisions during session establishment. In SIP, this identification helps network elements trace protocol compliance and select appropriate handling without altering core logic.

Format and Structure

Syntax

The User-Agent header field contains a characteristic string that enables the recipient to identify the software originating an HTTP request, serving as a product identifier for the user agent. Its syntax is defined in RFC 9110 using Augmented Backus-Naur Form (ABNF) as User-Agent = product *( RWS ( product / comment ) ), where a product consists of a token optionally followed by a slash and product-version (both tokens), and comment encloses additional details in parentheses. This allows for a sequence of one or more products separated by required whitespace (RWS), forming a free-form string that adheres to informal conventions such as product tokens delimited by slashes (e.g., token/version) and spaces between elements. User agents are recommended to include this header in requests unless specifically configured otherwise, listing products in order of decreasing significance and limiting details to essential identifiers to avoid unnecessary length or privacy risks. Although RFC 9110 discourages mimicking other agents to declare compatibility, as it circumvents the field's purpose, compatibility tokens such as Mozilla/5.0 are commonly prepended in practice to ensure recognition by legacy servers, even if the actual software differs. The string has no strict maximum length in the specification, though practical implementations vary in handling long headers, with some servers imposing limits such as 512 characters or more for total header sizes. Servers parse the User-Agent string primarily through token matching against known products and versions, as no rigid exists beyond the ABNF; common patterns include parenthetical comments for platform and rendering engine details (e.g., (platform; details)), followed by browser or client identifiers. Parsing is tolerant of unrecognized elements, with recipients ignoring extraneous parts while prioritizing the first matching product for identification. The field name itself is case-insensitive per HTTP conventions, though product tokens and versions are treated as case-sensitive to preserve exact identification. The string must conform to token rules, excluding control characters (CTLs) and separators (tspecials such as parentheses outside comments, slashes, or quotes), ensuring only visible characters from the VCHAR set are used. Senders are prohibited from including empty products or excessive subproduct details, and the overall format avoids mimicking other agents to reduce misidentification risks.

User-Agent = product *( RWS ( product / comment ) ) product = token [ "/" product-version ] product-version = token comment = "(" *( ctext / quoted-pair / comment ) ")"

User-Agent = product *( RWS ( product / comment ) ) product = token [ "/" product-version ] product-version = token comment = "(" *( ctext / quoted-pair / comment ) ")"

This ABNF ensures structured yet flexible construction, with RWS requiring at least one SP or HTAB between elements.

Components

The User-Agent string typically comprises several core components that identify the client software, its version, the underlying platform, and compatibility details, allowing servers to tailor responses accordingly. The primary elements include the product name, version numbers, compatibility tokens, platform information, and optional extensions. These components are assembled according to informal conventions rather than a rigid standard, resulting in variations across different clients. A common structure follows the format Product/Version (Platform; Details) Engine/Version, where the product identifies the application (e.g., "Mozilla/5.0" as a historical compatibility token used by many browsers), followed by version numbers specifying the software release (e.g., "Chrome/142.0.0.0"). The parenthetical section details the platform, such as the operating system and architecture (e.g., " 10.0; Win64; x64"), which indicates the host environment like on a 64-bit system. Compatibility tokens, often appearing as extensions, signal rendering engines or legacy support, such as "/20100101" for Firefox's engine or "AppleWebKit/537.36" for WebKit-based browsers like Chrome and . For example, a typical string as of November 2025 might be Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:145.0) Gecko/20100101 [Firefox](/page/Firefox)/145.0, where "rv:145.0" denotes the version, and "/145.0" specifies the browser release. In contrast, a Chrome example could be Mozilla/5.0 (Macintosh; [Intel](/page/Intel) Mac OS X 10_15_7) AppleWebKit/537.36 ([KHTML](/page/KHTML), like [Gecko](/page/Gecko)) Chrome/142.0.0.0 [Safari](/page/Safari)/537.36, incorporating "KHTML, like " as a compatibility token to mimic older browsers and "/537.36" as an extension for rendering hints. These parts enable servers to detect browser capabilities without relying on . Since 2021, major browsers have implemented User-Agent reduction to enhance by omitting or generalizing details like minor version numbers, OS versions, and device models that could aid fingerprinting. For instance, reduced Chrome strings might exclude full OS version (e.g., "Macintosh; Mac OS X 10_15_7" becomes more generic), with additional details provided via Client Hints headers if needed. This initiative, supported by standards like RFC 8941 for Client Hints, results in shorter, less identifying strings while maintaining compatibility. Variability in components arises based on the client type; web browsers often include detailed elements for full identification, while bots or minimal clients like may use abbreviated strings such as curl/8.17.0, omitting platform and engine details to reduce overhead. Optional extensions can include preferences (e.g., "en-US") or device specifics (e.g., "Mobile" for mobile browsers), but these are not universally present. Common identifiers include "Win64" or "x86_64" for architecture, "" for OS versions, and engine tokens like "Trident/7.0" for older versions, each serving to convey precise environmental context.

History

Origins

The user agent concept emerged in the early 1990s alongside the invention of the at , where developed the foundational HTTP protocol and associated software between 1989 and 1991. The initial World Wide Web browser, released in 1990 for NeXT computers, operated under the primitive HTTP/0.9 specification, which lacked formal headers but laid the groundwork for client-server communication. As the web expanded, the need for clients to identify themselves became evident to facilitate server-side logging and basic compatibility checks. Early implementations of user agent identification appeared in CERN's library, a C-based package released in 1992 to enable portable browser development across platforms like Unix, Windows, and Macintosh. Derived from the initial browser, this library facilitated subsequent browsers but did not power the very first ones, such as the graphical app (later renamed ) from 1990 or the text-based , launched in 1991 and suitable for dumb terminals. These early clients sent simple identification strings via ad hoc HTTP extensions predating formal standards. For instance, browsers identified as "CERN-LineMode/2.15 /2.17b3" to inform servers of their software and versions. The initial purpose of these strings was basic client identification for statistical tracking and troubleshooting on early web servers, including CERN's httpd and the NCSA HTTPd server released in 1993. NCSA HTTPd, one of the first widely adopted servers, logged such identifiers to monitor usage and debug issues in the nascent web ecosystem. Clients like the browser, released in 1993, adopted similar formats, sending strings such as "NCSA_Mosaic/2.0" to signal their capabilities, like inline image rendering, to servers. The user agent was formally introduced as an HTTP request header in HTTP/1.0, specified in RFC 1945 published in May 1996 by the IETF. This standardization defined it as an optional field containing product tokens and comments for the originating user agent, exemplified by "User-Agent: CERN-LineMode/2.15 /2.17b3," to support statistical purposes and trace proxy involvement without mandating detailed parsing.

Evolution and Standards

The evolution of user agent strings was profoundly shaped by the of the 1990s and early 2000s, where intense competition between and drove the need for compatibility with web content optimized for specific browsers. During this period, Netscape's introduction of the "Mozilla" token in its user agent string—intended to identify its rendering engine—prompted competitors to include it for access to Netscape-optimized sites, leading to widespread spoofing and an expansion of string complexity to signal compatibility features. This resulted in increasingly verbose strings, as browsers appended details about versions, platforms, and engines to avoid content restrictions, turning the user agent into a compatibility manifest rather than a simple identifier. Key developments in the late and beyond further diversified user agent formats. In 1999, 5.0 introduced more detailed platform information, such as specific Windows versions (e.g., "Windows 95"), while retaining the "Mozilla/4.0 (compatible; MSIE 5.0)" prefix to mimic for broader access. The early 2000s saw the rise of mobile user agents with the proliferation of WAP-enabled devices, exemplified by Nokia's simple strings like "Nokia7110/1.0 (04.84)," which conveyed device model and to support limited experiences. Post-2010, the shift to evergreen browsers—such as (launched 2008) and with automatic updates—streamlined updates but perpetuated compatibility hacks, with strings like Firefox's "Mozilla/5.0 (Windows NT 10.0; rv:60.0) Gecko/20100101 Firefox/60.0" balancing legacy support and modernity. Standardization efforts aimed to impose structure amid this chaos. The HTTP/1.1 specification in RFC 2616 (1999) formalized the as an optional field for identifying the client software, recommending product tokens like name and version but allowing free-form comments for additional details. This was refined in RFC 7231 (2014), which deprecated certain ambiguous practices and emphasized that user agents should not be relied upon for precise identification due to spoofing risks. For mobile contexts, the W3C-influenced UAProf (User Agent Profile) standard emerged in the early 2000s via the , using XML documents linked via HTTP headers to describe device capabilities beyond basic strings; though influential for early smartphones, it has become largely legacy as modern protocols favor dynamic queries. As of 2025, modern trends emphasize reduced disclosure for enhanced , countering the historical verbosity. Google's Chrome User-Agent Reduction initiative, launched in , progressively minimizes platform and version details in strings (e.g., omitting minor versions and OS specifics on desktop), replacing them with opt-in Client Hints for servers needing precise data; by 2024, this reduction had been fully implemented across major browsers including Chrome, , and . This privacy-focused minimalism aligns with broader efforts to limit fingerprinting while maintaining compatibility, though it requires web developers to adapt to less informative defaults.

Usage

In Web Browsers

Web browsers generate user agent strings to identify themselves to web servers, incorporating details about the browser, rendering engine, operating system, and version. For , the string is constructed in the , typically following the format Mozilla/5.0 (Platform; features) AppleWebKit/537.36 ([KHTML](/page/KHTML), like [Gecko](/page/Gecko)) Chrome/Version [Safari](/page/Safari)/537.36, where the AppleWebKit and KHTML, like Gecko tokens maintain compatibility with legacy sites while indicating the underlying Blink rendering engine. Mozilla Firefox builds its user agent string as Mozilla/5.0 (Platform; rv:GeckoVersion) Gecko/20100101 Firefox/BrowserVersion, explicitly including the Gecko token to denote its Gecko rendering engine, with the rv field representing the Gecko revision version for precise engine identification. Apple's Safari constructs its string in the form Mozilla/5.0 (Platform) AppleWebKit/WebKitVersion (KHTML, like Gecko) Version/BrowserVersion Safari/WebKitVersion, using the AppleWebKit token to signal the WebKit rendering engine, which enables servers to tailor responses based on WebKit-specific capabilities. Microsoft Edge, built on the Blink engine since version 79, formats its user agent as Mozilla/5.0 (Platform) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/Version Safari/537.36 Edg/EdgeVersion, appending the Edg token after the Chrome version to distinguish it from other Blink-based browsers like Chrome. Servers parse these user agent strings for , delivering optimized CSS and JavaScript tailored to the browser's engine and capabilities—for instance, serving WebKit-optimized stylesheets to or Blink-compatible scripts to Chrome and Edge—while excluding unsupported features to reduce load times. This detection also influences font loading, where servers select formats like WOFF2 for modern or Blink engines versus older formats for legacy compatibility, ensuring efficient rendering without fallback delays. For viewport optimization, servers use platform indicators in the string (e.g., mobile-specific tokens in iOS or Android Chrome) to serve responsive layouts, such as narrower viewports or touch-optimized CSS, enhancing mobile user experiences. Evergreen browsers like Chrome undergo frequent automatic updates—major releases every four weeks with minor version increments—resulting in rapidly evolving user agent strings that include full versioning for accurate server-side feature mapping. However, Chrome's User-Agent Reduction initiative, implemented progressively since 2021, freezes minor version details in the string (e.g., reporting only major versions like Chrome/110 for ), which stabilizes strings across updates and reduces fingerprinting risks while maintaining compatibility for content delivery. This versioning approach in evergreen models ensures backward compatibility but requires servers to handle granular changes without over-reliance on exact minor versions. JavaScript developers access the user agent string via the navigator.userAgent property of the Navigator API, which returns the full string for runtime inspection, such as logging browser details in console outputs. Despite its availability, industry trends deprecate heavy reliance on navigator.userAgent for browser detection due to spoofing vulnerabilities and inconsistencies across engines, favoring feature detection methods like checking if ('geolocation' in navigator) to verify capabilities directly. As an alternative, the User-Agent Client Hints API (e.g., navigator.userAgentData.getHighEntropyValues()) provides opt-in, reduced data like platform and mobile status, aligning with privacy-focused shifts away from full string parsing.

In Other Clients

In mobile applications and API clients, user agents are commonly customized to identify the application, version, and platform during HTTP requests, aiding servers in tailoring responses or logging interactions. For instance, Android apps using the Cronet networking library construct user agent strings that incorporate the application name, version, system build details, model, and Cronet version itself. Similarly, API clients like those accessing the (now X) API are required to include a specifying the client's version to facilitate and compliance. HTTP libraries such as default to a simple user agent format like "curl/8.1.2", which developers can override using the --user-agent option to provide more descriptive identifiers. Bots and web crawlers employ distinct user agent strings to signal their automated nature and purpose, enabling servers to differentiate them from human-driven traffic. Search engine bots, such as , use identifiers like "Googlebot/2.1" in HTTP requests to indicate their role in indexing content. To verify the authenticity of these bots and prevent spoofing, mechanisms like reverse DNS lookups on the request's source or matching against known IP ranges are recommended. Additionally, well-behaved crawlers respect directives in files to control access to site sections, avoiding unnecessary load on servers. In (IoT) and embedded systems, user agents are often minimalistic, focusing on essential device identification for interactions while conserving resources. Smart TVs and sensors typically include strings that denote the device model, version, or vendor, such as those used in web applications for HTTP-based service calls. These compact formats help backend services recognize and authorize requests from resource-constrained environments without revealing excessive details that could pose security risks. Beyond HTTP, user agents appear in protocol-specific formats in other clients like , VoIP, and systems. In SMTP for transmission, the User-Agent field resides within the Internet Message Format headers rather than the protocol envelope, identifying the mail user agent (MUA) software that composed the message, as specified in RFC 5322 (e.g., "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.0"). For SIP in VoIP applications, the User-Agent header conveys the client’s capabilities, software version, and characteristics to peers, per RFC 3261 (e.g., " Beta1.5"), supporting interoperability in session setup. In contrast, the FTP protocol lacks a dedicated user agent field; client identification occurs via the USER command for authentication, with no standardized string for software details as outlined in RFC 959.

Issues and Considerations

Security Implications

User agent strings are frequently spoofed by attackers to bypass security restrictions imposed by s and services. By altering the string to mimic legitimate browsers or bots, malicious actors can evade web application firewalls (WAFs), , and content access controls, facilitating unauthorized or resource abuse. For instance, fraudsters may pretend to be crawlers to extract content without detection, or disguise automated scripts as human users to circumvent anti-bot measures. This tactic is commonly employed in ad schemes, where spoofed agents generate artificial traffic to inflate impressions and clicks, leading to substantial financial losses for advertisers. The disclosure of software versions and configurations within user agent strings poses significant risks by enabling targeted exploitation of known . Attackers can these details to identify outdated browsers or clients susceptible to drive-by downloads or remote code execution, tailoring payloads accordingly. A prominent example is the use of malformed user agent headers to exploit flaws in server-side software, allowing injection of arbitrary commands without . This exposure has facilitated attacks ranging from to full system compromise, as servers often log or process the without sufficient sanitization. Historical incidents underscore these threats, particularly in the when botnets leveraged spoofed or malicious user agents for widespread exploitation. The 2014 Shellshock vulnerability (CVE-2014-6271 and related) saw attackers embed exploit code directly in user agent strings sent via HTTP requests, enabling remote command execution on vulnerable Bash-enabled servers and contributing to propagation across millions of systems. In the 2020s, the rise of adversarial AI has amplified such misuse, with automated agents mimicking legitimate user agents like those of or to spoof crawler traffic for stealthy or denial-of-service amplification; research indicates that up to 16.7% of observed ChatGPT-user traffic is spoofed, often using distributed serverless functions to evade detection. To counter these risks, mitigation strategies emphasize server-side validation that extends beyond user agent strings, incorporating TLS fingerprinting and behavioral analysis for more robust client identification. TLS fingerprinting, such as the JA4 method, analyzes parameters like cipher suites and extensions to distinguish automated tools from genuine browsers, even when strings are altered, while behavioral signals—such as request patterns and timing—detect anomalies indicative of scripted activity. These approaches, often powered by , enable dynamic adaptation to evolving threats without relying solely on easily forged headers.

Privacy Concerns

User agent strings inherently disclose a range of device and configuration details, including the operating system, device type, preferred language, and sometimes screen resolution, which can be passively collected by servers via HTTP headers. This information contributes to browser fingerprinting, a tracking technique where websites combine user agent data with other attributes like fonts or canvas rendering to create unique identifiers for users across sessions and sites, even without cookies. For instance, detailed user agents have historically enabled high-entropy signals that distinguish individual browsers with over 99% accuracy in some studies. Under regulations like the General Data Protection Regulation (GDPR), effective since 2018, user agent data qualifies as personal information when it relates to an identifiable individual, particularly if processed alongside other signals for profiling or tracking purposes, necessitating explicit consent or a legitimate interest assessment before collection and storage. Similarly, the California Consumer Privacy Act (CCPA), enacted in 2018 and expanded via the California Privacy Rights Act, treats such data as personal information subject to consumer rights, including opt-out requirements for sales or sharing that could facilitate tracking, with non-compliance risking fines up to $7,500 per intentional violation. These frameworks emphasize transparency and user control, prompting website operators to obtain consent banners or anonymize logs containing user agents to avoid breaches. In response, major browsers have implemented measures to curb user agent-based privacy risks. Apple's Safari introduced user agent reduction in 2017 by freezing the iOS version in strings to limit versioning details that aid fingerprinting, evolving alongside Intelligent Tracking Prevention (ITP) to block cross-site trackers relying on such data. Firefox's resistFingerprinting feature, introduced in 2015 and refined in subsequent updates including around 2020 and November 2025 with Firefox 145's expanded protections blocking more pervasive fingerprinting techniques, standardizes the user agent to a generic string (e.g., mimicking an older ESR version) while spoofing related attributes like time zones, thereby reducing uniqueness without fully omitting the header. Meanwhile, discussions within the WHATWG and WICG in the 2020s have advanced User-Agent Client Hints, a standardized protocol that replaces verbose strings with opt-in, low-entropy hints requested only when necessary, as detailed in the 2021 specification draft. These detailed disclosures facilitate cross-site tracking, where advertisers or analytics firms correlate user agents with behavioral data to build persistent profiles, affecting user and exposing them to targeted ads or . As of 2025, user agent headers remain a standard component in the majority of web requests, as evidenced by their use in large-scale analyses by CDNs like , underscoring their role in pervasive fingerprinting despite reduction efforts. This evolution toward minimalism aligns with broader standards shifts, though legacy sites still leverage full strings for compatibility.

References

  1. https://www.w3.org/TR/UAAG20/
  2. https://datatracker.ietf.org/doc/html/rfc7231
  3. https://httpwg.org/specs/rfc9110.html
  4. https://httpwg.org/specs/rfc9110.html#proactive.negotiation
  5. https://httpwg.org/specs/rfc9110.html#field.user-agent
  6. https://httpwg.org/specs/rfc9110.html#request.context
  7. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/User-agent_reduction
  8. https://datatracker.ietf.org/doc/html/rfc3261#section-20.41
  9. https://www.rfc-editor.org/rfc/rfc9110.html#section-10.1.5
  10. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/User-Agent
  11. https://www.rfc-editor.org/rfc/rfc9110.html#section-5.6.3
  12. https://www.rfc-editor.org/rfc/rfc9110.html#section-5.6.5
  13. https://51degrees.com/blog/understanding-user-agent-string
  14. https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html
  15. https://www.mozilla.org/en-US/firefox/145.0.1/releasenotes/
  16. https://www.rfc-editor.org/rfc/rfc8941.html
  17. https://curl.se/docs/releases.html
  18. https://home.cern/science/computing/birth-web/short-history-web
  19. https://home.cern/science/computing/birth-web
  20. https://thehistoryoftheweb.com/web-first-and-second-browser/
  21. https://datatracker.ietf.org/doc/html/rfc1945
  22. https://webaim.org/blog/user-agent-string-history/
  23. https://nielsleenheer.com/articles/2024/a-brief-history-of-the-user-agent-string/
  24. https://deviceatlas.com/blog/user-agent-parsing-how-it-works-and-how-it-can-be-used
  25. http://blog.trasatti.it/2010/10/22/sorting-user-agent-strings-out/
  26. https://datatracker.ietf.org/doc/html/rfc2616#section-14.43
  27. https://datatracker.ietf.org/doc/html/rfc7231#section-5.5.3
  28. https://www.openmobilealliance.org/release/UAProf/OMA-UAProf-V2_0-20030520-C.PDF
  29. https://www.chromium.org/updates/ua-reduction/
  30. https://www.corbado.com/blog/client-hints-user-agent-chrome-safari-firefox
  31. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent
  32. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/User-Agent/Firefox
  33. https://learn.microsoft.com/en-us/microsoft-edge/web-platform/user-agent-guidance
  34. https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/Browser_detection_using_the_user_agent
  35. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Viewport-Width
  36. https://blog.chromium.org/2021/05/update-on-user-agent-string-reduction.html
  37. https://privacysandbox.google.com/blog/user-agent-reduction-android-model-and-version
  38. https://developer.mozilla.org/en-US/docs/Web/API/Navigator/userAgent
  39. https://wicg.github.io/ua-client-hints/
  40. https://developer.android.com/develop/connectivity/cronet/reference/org/chromium/net/CronetEngine.Builder
  41. https://developer.x.com/en/docs/x-api/v1/tweets/filter-realtime/guides/connecting
  42. https://curl.se/docs/manpage.html
  43. https://developers.google.com/search/docs/crawling-indexing/googlebot
  44. https://developers.google.com/search/docs/crawling-indexing/robots/create-robots-txt
  45. https://developer.samsung.com/smarttv/develop/api-references/tizen-web-device-api-references/websetting-api.html
  46. https://datatracker.ietf.org/doc/html/rfc5322#section-3.6.3
  47. https://www.ietf.org/rfc/rfc3261.txt
  48. https://www.rfc-editor.org/rfc/rfc959.html
  49. https://stytch.com/blog/user-agent-spoofing/
  50. https://cheq.ai/blog/user-agent-spoofing/
  51. https://medium.com/perimeterx/user-agent-based-attacks-are-a-low-key-risk-that-shouldnt-be-overlooked-1a5d487a1aa0
  52. https://blog.cloudflare.com/inside-shellshock/
  53. https://www.humansecurity.com/learn/blog/ai-crawler-spoofing-chatgpt-mistral-perplexity/
  54. https://blog.cloudflare.com/ja4-signals/
  55. https://web.dev/learn/privacy/fingerprinting
  56. https://onlinelibrary.wiley.com/doi/10.1155/2022/3363335
  57. https://gdpr-info.eu/art-4-gdpr/
  58. https://oag.ca.gov/privacy/ccpa
  59. https://www.exabeam.com/explainers/gdpr-compliance/gdpr-vs-ccpa-3-similarities-and-6-differences/
  60. https://privacysandbox.google.com/protections/user-agent
  61. https://support.mozilla.org/en-US/kb/resist-fingerprinting
  62. https://blog.mozilla.org/en/firefox/fingerprinting-protections/
  63. https://radar.cloudflare.com/reports/browser-market-share-2025-q2
Add your contribution
Related Hubs
Contribute something
User Avatar
No comments yet.