[ADP-141] User-Agent

Overview

The User-Agent HTTP header is a string sent by the client to identify itself to the server. It typically includes information about the client application, operating system, software vendor or version.

Guidance

MUST NOT use User-Agent for client identification due to privacy concerns. See ADP-354: Client Hints for a more privacy-preserving alternative.
SHOULD treat User-Agent as unreliable information, as it can be easily spoofed or modified by clients.
MAY use User-Agent for analytics or debugging purposes, but MUST NOT rely on it for critical functionality.

Examples

Typical User-Agent string

http

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

Minimal User-Agent for an API client

http

User-Agent: MyAPIClient/1.0

ADP-354: Client Hints
ADP-120: HTTP Headers

References

MDN Web Docs: User-Agent
RFC 9110: User-Agent

[ADP-141] User-Agent ​

Overview ​

Guidance ​

Examples ​

Typical User-Agent string ​

Minimal User-Agent for an API client ​

Related ADPs ​

References ​