Sec-CH-UA
Limited availability
This feature is not Baseline because it does not work in some of the most widely-used browsers.
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The HTTP Sec-CH-UA
request header is a user agent client hint which provides the user-agent's branding and significant version information.
The Sec-CH-UA
header provides the brand and significant version for each brand associated with the browser in a comma-separated list.
The header therefore allows the server to customize its response based on both shared brands and on particular customizations in their respective versions.
Sec-CH-UA
is a low entropy hint.
Unless blocked by a user agent permission policy, it is sent by default, without the server opting in by sending Accept-CH
.
The header may include "fake" brands in any position and with any name. This is a feature designed to prevent servers from rejecting unknown user agents outright, forcing user agents to lie about their brand identity.
Note:
The Sec-CH-UA-Full-Version-List
header is the same as Sec-CH-UA
, but includes the full version number rather than the significant version number for each brand.
Header type | Request header, Client hint |
---|---|
Forbidden header name | Yes (Sec- prefix) |
Syntax
A comma separated list of brands in the user agent brand list, and their associated significant version number. The syntax for a single entry has the following format:
Sec-CH-UA: "<brand>";v="<significant version>", …
Directives
<brand>
-
A brand associated with the user agent, like "Chromium", "Google Chrome", or an intentionally incorrect brand like
"Not A;Brand"
. <significant version>
-
The "marketing" version number associated with distinguishable web-exposed features.
Description
A brand is a commercial name for the user agent like: Chromium, Opera, Google Chrome, Microsoft Edge, Firefox, and Safari.
A user agent might have several associated brands.
For example, Opera, Chrome, and Edge are all based on Chromium, and will provide both brands in the Sec-CH-UA
header.
The significant version is the "marketing" version identifier that is used to distinguish between major releases of the brand. For example a Chromium build with full version number "96.0.4664.45" has a significant version number of "96".
Examples
Different Sec-CH-UA brands
Sec-CH-UA
is a low entropy hint.
Unless explicitly blocked by a user agent policy, it will be sent in all requests (without the server having to opt in by sending Accept-CH
).
Strings from Chromium, Chrome, Edge, and Opera desktop browsers are shown below. Note that they all share the "Chromium" brand, but have an additional brand indicating their origin. They also have an intentionally incorrect brand string, which may appear in any position and have different text.
Sec-CH-UA: "(Not(A:Brand";v="8", "Chromium";v="98"
Sec-CH-UA: " Not A;Brand";v="99", "Chromium";v="96", "Google Chrome";v="96"
Sec-CH-UA: " Not A;Brand";v="99", "Chromium";v="96", "Microsoft Edge";v="96"
Sec-CH-UA: "Opera";v="81", " Not;A Brand";v="99", "Chromium";v="95"
Specifications
Specification |
---|
User-Agent Client Hints # sec-ch-ua |
Browser compatibility
BCD tables only load in the browser