Home/What's My User Agent
[ P.4 — USER AGENT ]

What's My
User Agent?

Your browser identifies itself to every website you visit with a User-Agent string. Here's exactly what yours says.

Last reviewed: May 2026

// Runs entirely in your browser.
// raw user-agent string
// parsedFrom the UA string
// client hints
// bot detectionheuristic

Want the full fingerprint?

See your full browser fingerprint →
P.3

Browser Fingerprint

Canvas, fonts, WebGL, screen size, audio — everything beyond the UA string.
W.2

HTTP Security Headers

Inspect every HTTP header your browser sends, plus the security headers on any URL.
N.1

IP Address Lookup

Your public IP, ASN, geolocation, and ISP — the other half of how the web identifies you.

What is a User-Agent string?

The User-Agent header is a short string your browser sends with every HTTP request that identifies itself to the server — the browser name, version, rendering engine, operating system, and (sometimes) the device. It's been part of HTTP since the very first spec in 1991, and at the time it was a sensible idea: servers could spot Mosaic / Netscape / IE and serve content the browser actually understood.

Three decades later, the UA string has accumulated a lot of barnacles. It's a long, ugly free-form string that every browser parses differently. It's used for analytics, feature gating, A/B testing, ad targeting, malware detection, deprecation warnings, abuse blocking, and — most consequentially for privacy — browser fingerprinting.

Why every UA string starts with "Mozilla/5.0"

Every modern browser claims to be Mozilla. Chrome says it's Mozilla and Safari and Chrome. Firefox says it's Mozilla and Gecko. Edge says it's Mozilla and Safari and Chrome and Edge. This isn't a bug — it's history.

In the late 1990s, web servers checked the UA to decide whether to send "modern" markup (with frames, JavaScript) or a stripped-down fallback. Mozilla's Mozilla/5.0 token was the marker for the modern path. New browsers — IE, Opera, Safari, Chrome — couldn't get the good markup until they also said "Mozilla". Then sites started checking for "Safari" too, so Chrome added "Safari". Each browser added the previous browser's tokens to avoid being served degraded content. Nobody can drop the tokens because too many sites still gate on them.

So the modern UA string is a museum of all the browsers a current browser pretends to be. The actual identifying bit is usually only one token deep into the string.

Common UA formats

Chrome / WindowsMozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Safari / macOSMozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15
Firefox / LinuxMozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0
Chrome / AndroidMozilla/5.0 (Linux; Android 14; Pixel 8) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36
Safari / iPhoneMozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1
GooglebotMozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

Client Hints — the structured replacement

Because the UA string is unparseable and a fingerprinting vector, Google started replacing it with User-Agent Client Hints (UA-CH) in Chrome 89 (2021). Instead of one free-form string, the browser exposes a structured object with a small number of low-entropy fields:

  • navigator.userAgentData.brands — a list like [{ brand: "Chromium", version: "124" }, { brand: "Google Chrome", version: "124" }]
  • .mobile — boolean
  • .platform"Windows", "macOS", "Android", etc.

High-entropy values (architecture, model, full platform version) require an explicit permission call (getHighEntropyValues). Chrome started reducing the UA string in Chrome 101+ — version numbers got rounded to the major, OS versions got pinned. Servers that need the granular data are expected to migrate to Client Hints.

Firefox and Safari haven't adopted Client Hints. Both kept the full UA string for now, with Safari adding its own UA reduction in Safari 17. The transition is messy, ongoing, and the timeline keeps slipping.

UA spoofing & privacy

The UA string is trivially spoofable — browser dev tools have a "device mode" that overrides it, and there are extensions for permanent override. But the practical fingerprinting story is harder than just changing one string: browser fingerprinting combines the UA with screen size, font enumeration, WebGL renderer, canvas hashes, audio context, and a dozen other signals. Lying about the UA alone moves you from a unique fingerprint to a slightly-less-unique fingerprint.

If you actually want to be hard to fingerprint, the right tool is the browser fingerprint test — it runs the whole panel and tells you how unique your browser is. Spoofing the UA in isolation is mostly cosmetic.

What the parser above does (and doesn't)

The UA breakdown on this page uses regex against the current standard tokens — same approach every analytics tool uses. It's accurate for the ~99% of well-formed strings from real browsers; it will misidentify exotic or deliberately-spoofed strings. For Client Hints, we read whatever the browser exposes via navigator.userAgentData — high-entropy values require a user gesture so we don't ask for them automatically. Bot detection looks for the obvious tokens (Googlebot, Bingbot, GPTBot, ClaudeBot, etc.) and flags WebDriver / headless markers; it's a heuristic, not a defence.