Sec-CH-UA

Limited availability

This feature is not Baseline because it does not work in some of the most widely-used browsers.

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The HTTP Sec-CH-UA request header is a user agent client hint which provides the user-agent's branding and significant version information.

The Sec-CH-UA header provides the brand and significant version for each brand associated with the browser in a comma-separated list. The header therefore allows the server to customize its response based on both shared brands and on particular customizations in their respective versions.

Sec-CH-UA is a low entropy hint. Unless blocked by a user agent permission policy, it is sent by default, without the server opting in by sending Accept-CH.

The header may include "fake" brands in any position and with any name. This is a feature designed to prevent servers from rejecting unknown user agents outright, forcing user agents to lie about their brand identity.

Note: The Sec-CH-UA-Full-Version-List header is the same as Sec-CH-UA, but includes the full version number rather than the significant version number for each brand.

Header type Request header, Client hint
Forbidden header name Yes (Sec- prefix)

Syntax

A comma separated list of brands in the user agent brand list, and their associated significant version number. The syntax for a single entry has the following format:

http
Sec-CH-UA: "<brand>";v="<significant version>", …

Directives

<brand>

A brand associated with the user agent, like "Chromium", "Google Chrome", or an intentionally incorrect brand like "Not A;Brand".

<significant version>

The "marketing" version number associated with distinguishable web-exposed features.

Description

A brand is a commercial name for the user agent like: Chromium, Opera, Google Chrome, Microsoft Edge, Firefox, and Safari. A user agent might have several associated brands. For example, Opera, Chrome, and Edge are all based on Chromium, and will provide both brands in the Sec-CH-UA header.

The significant version is the "marketing" version identifier that is used to distinguish between major releases of the brand. For example a Chromium build with full version number "96.0.4664.45" has a significant version number of "96".

Examples

Different Sec-CH-UA brands

Sec-CH-UA is a low entropy hint. Unless explicitly blocked by a user agent policy, it will be sent in all requests (without the server having to opt in by sending Accept-CH).

Strings from Chromium, Chrome, Edge, and Opera desktop browsers are shown below. Note that they all share the "Chromium" brand, but have an additional brand indicating their origin. They also have an intentionally incorrect brand string, which may appear in any position and have different text.

http
Sec-CH-UA: "(Not(A:Brand";v="8", "Chromium";v="98"
http
Sec-CH-UA: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
http
Sec-CH-UA: " Not A;Brand";v="99", "Chromium";v="96", "Microsoft Edge";v="96"
http
Sec-CH-UA: "Opera";v="81", " Not;A Brand";v="99", "Chromium";v="95"

Specifications

Specification
User-Agent Client Hints
# sec-ch-ua

Browser compatibility

BCD tables only load in the browser

See also