User-Agent string explained

Every HTTP request from your browser includes a User-Agent header — a text string claiming your browser name, version, operating system, and often device type. Sites, analytics tools, and fingerprinting scripts all read it. Paste any UA below to see how servers parse it.

Browser identity string sent with every web request

Analyze a User-Agent string

Parse browser, OS, and device claims from any UA — or test how yours looks to servers.

What is the User-Agent?

The User-Agent is an HTTP request header your browser sends automatically on every page load, image fetch, and API call. It was originally meant to help servers serve compatible content. Today it typically looks like a long string: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 … Chrome/120 …

Servers never see your screen or canvas output from the UA alone — but they do get stable claims about browser family, version, operating system, and sometimes device model. That makes it one of the first layers in any privacy or tracking analysis.

How analysis tools use it

Privacy checkers, bot detectors, CDNs, and analytics platforms all parse the User-Agent:

On How Private Am I?, the User-Agent feeds the Browser identity, Operating system, and Device class inferences. Our API also accepts a user_agent override on POST /api/v1/analyze for headers-only previews like the tool above.

Why and how to change your User-Agent

Spoofing or reducing your UA can limit what servers infer — but it does not hide canvas, WebGL, IP, or Client Hints by itself.

Firefox

  1. Type about:config in the address bar and accept the risk prompt.
  2. Set general.useragent.override to a custom string (or leave empty to reset).
  3. Prefer privacy.resistFingerprinting for coordinated hardening instead of manual spoofing alone.

Chromium (Chrome, Edge, Brave)

  1. Chrome is reducing the classic UA string over time — low-entropy data moves to Client Hints.
  2. Extensions that change the UA can trigger consistency checks when Client Hints disagree.
  3. Brave Shields and strict tracking prevention help limit cross-site correlation.

Tor Browser

  1. Tor uses a uniform Firefox ESR User-Agent shared by all users on the same version — reducing UA-based uniqueness.
  2. See our Tor Browser guide for the full anonymity model.

User-Agent and fingerprinting

Alone, the User-Agent is usually low entropy — millions of users may share the same Chrome-on-Windows string. It becomes tracking-relevant when combined with other signals:

Changing only the UA string without aligning other signals can make you more distinctive. For full fingerprint context, run a live privacy analysis on the homepage.

Related signals we detect

See your full browser fingerprint — not just the User-Agent string.

Run full privacy analysis

Frequently asked questions

Can websites see my real User-Agent if I spoof it?

Only the string sent in HTTP requests changes. JavaScript can still read navigator.userAgent unless an extension patches it, and Client Hints may contradict a spoofed UA.

Is the User-Agent enough to track me individually?

Usually not by itself. Combined with fingerprint probes and IP geolocation it strengthens recognition — especially if your combination is rare.

User-Agent vs Client Hints — which matters more?

On Chromium, structured Client Hints increasingly replace the classic string. Both matter; see our Client Hints guide for the modern model.

← Protection hub