Prepare for Chrome’s user‑agent reduction

Starting in Chrome 110 (February 2023) we are gradually introducing a fixed value for Android version and device model—the default value will always be Android 10 on a model K. If you rely on the user-agent to detect a visitor’s operating system version, Android device model, or detailed browser version then you may need to take action—read on for the details.

The user-agent is a string that provides information about the user’s browser and their environment—like knowing that a visitor on your site is running Chrome version 110 on Android. Your browser sends this in an HTTP header and makes it available via JavaScript.

The problem with full user-agent string is that it shares detailed information about the browser by default on every request which is a major factor in allowing cross-site tracking. Our goal is to reduce the opportunities for passively collecting this data while providing APIs to allow you to actively access data when you need it.

# User-agent reduction so far

We have already started removing some of the user-agent data that’s available by default, and replacing it with fixed values.

From Chrome 101 we replaced the minor version number with zeros, e.g. Chrome/101.3.2.1 became Chrome/101.0.0.0.

From Chrome 107 we replaced the desktop operating system version and CPU information with a fixed value for the platform.

# Fixed Android version and device model starting from Chrome 110

Starting in Chrome 110 we are gradually introducing a fixed value for Android version and device model. Instead of seeing something like Android 13 on Pixel 7 the default value will always be Android 10 on a model K.

# No change to the user-agent format

The user-agent reduction changes the values returned in the user-agent, but the format stays the same. If you only use the user-agent to read the operating system type or major browser version, that data will continue to update as before and you do not need to take any action.

# Alternatives to user-agent

If you do currently use the more detailed data, it’s always good to check if you can use progressive enhancement or feature detection instead.

Always remember that the user-agent is just like any other user-provided value—you should validate it and not assume it is accurate. The user-agent value can be easily changed by the user, extensions, other clients—or may simply not be sent at all. In most cases, you should be able to deliver working content to visitors without user-agent data.

# Request detailed data with User-Agent Client Hints

There are plenty of valid reasons to access detailed user-agent data, such as providing device-specific content, anti-fraud functionality, or fine-grained logging. If you do need the more detailed data, you can use the User-Agent Client Hints (UA-CH) API to access it. Like user-agent, UA-CH is available via HTTP headers or JavaScript.

You may have already seen the default headers being sent with the Sec-CH-UA- prefix that tells you the browser, its major version, the operating system, and if the browser is a mobile device.

⏫ Default User-Agent Client Hints request headers from Chrome:

Sec-CH-UA: "Chromium";v="110", "Not A(Brand";v="24", "Google Chrome";v="110"
Sec-CH-UA-Mobile: ?1
Sec-CH-UA-Platform: "Android"

You can use the Accept-CH header in your response to ask for more data. In this case, you can ask for Sec-CH-UA-Platform-Version and Sec-CH-UA-Model to get that Android version and device type back in subsequent requests.

⏬ Response header from your server specifying platform version and model:

Accept-CH:
  Sec-CH-UA-Platform-Version,
  Sec-CH-UA-Model

⏫ Request headers back from Chrome including Android version and model name:

Sec-CH-UA-Platform-Version: "13.0.0"
Sec-CH-UA-Model: "Pixel 7"

You can do the same thing in JavaScript by calling getHighEntropyValues() on the userAgentData API, passing in an array of the values you want: platformVersion and model. This returns a promise with an object containing the specific values.

navigator.userAgentData
.getHighEntropyValues(

).then(ua => { console.log(ua)
});

{
"platformVersion": "13.0.0",
"model": "Pixel 7"
}

# Cross-origin or initial requests

If you have cross-origin resources on your page that need these values you can allow access via the Permissions-Policy HTTP header or using the Delegate-CH meta tag in your HTML.

If it’s necessary for your site to have these sensitive values on the very first top-level request, you can use the Critical-CH HTTP header which will tell the browser to retry its initial request with those extra hints added. This may be helpful for legacy systems that are hard to update, but ideally you should not be relying on these sensitive values to serve your initial HTML.

# Learn more

To see the reduced user-agent string in action, check out the following:

• See the reduced user-agent string for your device on goo.gle/reduced-ua-demo
• See all the JavaScript and HTTP header User-Agent Client Hints for your device on goo.gle/ua-ch-demo
• Send the reduced user-agent string in your browser by enabling the #reduce-user-agent Chrome flag.

You can also still register for the User Agent Reduction origin trial to receive the reduced user-agent on your site, although we will end this trial in early March as we continue to ramp up sending the reduced user-agent by default.

We have more resources on the user-agent reduction landing page and you can also raise issues on our dedicated user-agent-reduction GitHub repo.