User Agent Reduction in Chrome, Safari & Firefox

vdelitz - Aug 6 - Dev Community

Introduction: What Are User-Agent Reduction and Client Hints?

In recent years, privacy concerns have driven significant changes in how browsers handle User-Agent strings. Traditionally used for identifying browser and device information, User-Agent strings have been reduced to limit the amount of information shared, thereby protecting user privacy. To address the limitations of User-Agent reduction, Client Hints have emerged as a solution, providing a more controlled and privacy-respecting way to share necessary information.

Read the full blog post here

A Brief History of User-Agent Strings

User-Agent strings date back to the early days of web browsers, starting with Tim Berners-Lee’s WorldWideWeb. Initially, they were straightforward, providing basic browser and version information. Over time, they evolved to include detailed data about the operating system, device type, and more, which proved useful for web analytics and optimizing user experiences. However, this detail also enabled device fingerprinting, raising privacy concerns.

What is User-Agent Reduction?

User-Agent reduction aims to minimize the information in User-Agent strings to protect user privacy. High-entropy information like specific OS versions and hardware models is reduced. For example, Google’s Chrome now reports a less detailed User-Agent string:

  • Before: Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.2.1.0 Mobile Safari/537.36
  • After: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.0.0 Mobile Safari/537.36

Similarly, Firefox and Safari have implemented their own versions of User-Agent reduction, although with slight differences based on their unique policies.

How Do Client Hints Work?

Client Hints provide a way to request specific, high-entropy information about the user's device and browser in a privacy-conscious manner. There are two primary methods to access Client Hints:

  1. HTTP Request Headers: Websites can request specific information about the user's browser and device using HTTP request headers. This is typically used in first-party contexts, ensuring detailed user information is only accessible to the primary website, not third-party resources.
  2. JavaScript API: Client Hints can also be accessed via the navigator.userAgentData object within JavaScript. This allows dynamic querying for specific information, such as architecture, model, and platform version, without setting additional headers.

Implementing Client Hints

Using HTTP Request Headers

To implement Client Hints via HTTP headers, the server needs to set the appropriate headers in the HTTP response, signaling the browser to include these hints in future requests. For example:

Accept-CH: Sec-CH-UA-Platform-Version

Subsequent requests from the browser will then include the platform version:

Sec-CH-UA-Platform-Version: "14.5.0"
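
The same exchange from the server's side, as an added example that is not part of the original post: a Node.js-style handler that opts in with Accept-CH, sets Vary, and strictly validates the client-supplied hint before using it. The names `handleRequest`, `parsePlatformVersion` and `demo` are hypothetical, and the sample requests are constructed.

```javascript
// Added example: server-side handling of the Sec-CH-UA-Platform-Version hint.
// The header is client-controlled, so it is parsed strictly and never trusted as-is.

const REQUESTED_HINTS = ['Sec-CH-UA-Platform-Version'];

// Parse a structured-field string such as "14.5.0" (quotes included).
// Returns { major, minor, patch } or null when the hint is absent or malformed.
function parsePlatformVersion(headerValue) {
  if (typeof headerValue !== 'string' || headerValue.length > 32) return null;
  const m = /^"(\d{1,5})(?:\.(\d{1,5}))?(?:\.(\d{1,5}))?"$/.exec(headerValue.trim());
  if (!m) return null;
  return { major: Number(m[1]), minor: Number(m[2] || 0), patch: Number(m[3] || 0) };
}

// Hypothetical handler, usable as http.createServer(handleRequest) in Node.js.
function handleRequest(req, res) {
  // Ask the browser to send the hint on subsequent requests to this origin.
  res.setHeader('Accept-CH', REQUESTED_HINTS.join(', '));
  // The response body depends on the hint, so caches must key on it.
  res.setHeader('Vary', REQUESTED_HINTS.join(', '));
  // Node lower-cases incoming header names.
  const version = parsePlatformVersion(req.headers['sec-ch-ua-platform-version']);
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ hintReceived: version !== null, platformVersion: version }));
}

// Constructed sample requests: first visit (no hint), a follow-up, and a malformed value.
function demo() {
  const samples = [undefined, '"14.5.0"', '"14.5.0<script>"'];
  return samples.map((value) => {
    const headers = {};
    if (value !== undefined) headers['sec-ch-ua-platform-version'] = value;
    const out = { headers: {}, body: '' };
    const res = {
      setHeader: (k, v) => { out.headers[k] = v; },
      end: (b) => { out.body = b; },
    };
    handleRequest({ headers }, res);
    return out;
  });
}

console.log(demo().map((r) => r.body));
```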

Using JavaScript API

For dynamic applications, the JavaScript API provides flexibility. For example, using the getHighEntropyValues method:

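// Feature-detect first: navigator.userAgentData is not available in every browser.
if (navigator.userAgentData) {
    // Request only the high-entropy values the page actually needs.
    navigator.userAgentData.getHighEntropyValues(['architecture', 'model', 'platformVersion'])
        .then(ua => {
            console.log(ua);
        })
        // The promise can reject, for example when access to the hints is not allowed.
        .catch(err => console.error(err));
}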

Recommendations for Developers

Depending on your specific needs, you may choose different methods to gather user environment data:

  • Feature Detection: Use existing browser JavaScript APIs wherever possible. This is more reliable and future-proof than relying on User-Agent strings.
  • Low-Entropy Information: For basic details like device type, the User-Agent string might still be sufficient.
  • High-Entropy Information: Use Client Hints if detailed information is necessary and you have control over the domain.

Conclusion

User-Agent reduction and Client Hints represent significant steps towards enhancing user privacy while still allowing websites to gather necessary information for optimal functionality. By understanding and implementing these technologies, developers can balance the need for detailed user data with privacy and performance considerations.

Find out more on our detailed blog post.
