User-Agent Client Hints explained

Chrome, Edge, and Brave send structured “hints” about your browser and device — sometimes more precisely than the old User-Agent string. Here is what leaks and how to tighten it.

Structured browser data packets representing Client Hints headers

What Client Hints are

Instead of one long User-Agent string, Chromium browsers can send separate headers like Sec-CH-UA (browser brands and versions), Sec-CH-UA-Platform (operating system), and Sec-CH-UA-Mobile (phone vs desktop). JavaScript can also read userAgentData for similar details.

High-entropy Client Hints go further when a site requests them: architecture, bitness, model, and full version lists via JavaScript userAgentData. Our analysis flags these on the High-entropy Client Hints inference card when Chromium returns them.

What this does not fix: canvas/WebGL fingerprinting, cookies, or IP location. Firefox and Safari use different models with less Client Hint traffic.

Related signals we detect today

Client Hints browser — Sec-CH-UA brand list
Client Hints platform — Sec-CH-UA-Platform
Client Hints mobile — Sec-CH-UA-Mobile
User-Agent Data (JS) — navigator.userAgentData brands
High-entropy Client Hints — architecture, bitness, or model when exposed
UA / CH mismatch — inconsistent browser claims
Browser identity — classic User-Agent parsing

Step-by-step: limit Client Hints exposure

Chrome

Settings → Privacy and security → Third-party cookies → consider blocking third-party cookies (reduces cross-site hint correlation).
For User-Agent reduction: Chrome is gradually freezing the UA string — you cannot fully disable low-entropy hints without extensions.
Review installed extensions that modify the User-Agent — mismatches trigger our consistency checks.

Edge

Settings → Privacy → Tracking prevention → Strict.
Same Client Hint behavior as Chromium — see Edge privacy check.

Brave

Shields → fingerprinting blocking helps reduce scripted hint collection.
Brave may randomize some fingerprint surfaces — verify with analysis, not assumptions.

Firefox / Safari

These browsers do not send Sec-CH-UA the same way. Focus on anti-fingerprinting instead.

Verify with the analysis tool

Run live analysis in your Chromium browser.
Check the HTTP headers tab for Sec-CH-UA* values.
Check the JavaScript tab for userAgentData.
Look for UA / Client Hints mismatch inferences on the Overview tab.

See exactly which Client Hints your browser sends.

Analyze Client Hints

Frequently asked questions

Are Client Hints worse than the User-Agent?

They are more structured and easier for servers to parse. Combined with fingerprinting they strengthen tracking; alone they identify browser family, not usually you individually.

Will Firefox adopt Client Hints?

Mozilla has resisted full UA-CH adoption. Policies change — re-run analysis after major browser updates.

← Protection hub