User-Agent Client Hints (UA-CH) is a privacy-preserving mechanism where the server explicitly requests specific browser attributes from the client via Accept-CH headers, rather than receiving the full, verbose User-Agent string automatically. The client responds with structured headers like Sec-CH-UA, Sec-CH-UA-Platform, and Sec-CH-UA-Mobile, providing only the granular data the server declares it needs for content negotiation.
Glossary
User-Agent Client Hints

What is User-Agent Client Hints?
A structured HTTP header protocol that replaces the monolithic User-Agent string with granular, server-requested browser attributes to reduce passive fingerprinting surface.
This delegation model prevents passive fingerprinting by ensuring that high-entropy data—such as exact OS version or device model—is only transmitted over secure connections after explicit server request. For AI crawler identification, UA-CH enables more reliable verification of bot signatures, as the structured, verifiable format is harder to spoof than the legacy free-form User-Agent string.
Key Features of User-Agent Client Hints
User-Agent Client Hints (UA-CH) replace the monolithic, entropy-rich User-Agent string with a granular, on-demand mechanism where servers request only the specific browser attributes they need, significantly reducing passive fingerprinting surface area.
The Sec-CH-UA Header
The Sec-CH-UA header delivers the browser's branding and significant version in a structured, list-based format rather than a single opaque string. Each brand entry includes a v parameter for the major version, allowing servers to parse compatibility without regex guesswork.
- Format:
Sec-CH-UA: "Chromium";v="124", "Google Chrome";v="124", "Not=A?Brand";v="99" - GREASE Integration: The
Not=A?Brandentry is a deliberate, randomized placeholder injected to prevent servers from hardcoding logic against specific browser strings, enforcing robust feature detection. - Low Entropy: This header is sent by default on every request without explicit server prompting, providing basic identification while eliminating OS, minor version, and device model leakage.
Sec-CH-UA-Platform and Platform Version
The Sec-CH-UA-Platform header provides the operating system identifier, while Sec-CH-UA-Platform-Version supplies the specific OS version. These are low-entropy hints sent by default, but the platform version can be gated behind explicit server request.
- Platform String:
"Windows","macOS","Linux","Android","Chrome OS" - Version Granularity: The platform version reveals the exact OS build (e.g.,
"10.0.22631.0"for Windows 11 23H2), which is critical for enterprise patch management but a fingerprinting risk if sent unconditionally. - Critical-CH: Servers must use the
Critical-CHresponse header to signal that a navigation request should be retried if a requested hint was not sent, ensuring the server receives essential data before rendering.
High-Entropy Hints: Model and Architecture
High-entropy hints like Sec-CH-UA-Model and Sec-CH-UA-Arch are never sent by default. The server must explicitly request them via the Accept-CH response header, and the client can choose to grant or deny access based on user privacy settings.
- Device Model:
Sec-CH-UA-Modelreveals the exact hardware SKU (e.g.,"Pixel 8 Pro","iPhone15,2"), enabling precise device-specific optimizations but posing a significant fingerprinting vector. - CPU Architecture:
Sec-CH-UA-Archexposes the underlying instruction set (e.g.,"x86","arm","ia32"), allowing servers to deliver architecture-appropriate binaries. - Bitness:
Sec-CH-UA-Bitnessdistinguishes between 32-bit and 64-bit processes (e.g.,"64"), which is essential for plugin delivery and memory allocation strategies.
Accept-CH and Delegation
The Accept-CH response header is the server's mechanism for requesting specific client hints on subsequent requests. For cross-origin resources, the Permissions-Policy header delegates hint access to third-party domains, preventing unauthorized leakage.
- Persistent Opt-In: Once a server sends
Accept-CH: Sec-CH-UA-Model, Sec-CH-UA-Arch, the browser caches this preference and includes the requested hints on future same-origin requests without needing repeated prompts. - Delegation Syntax:
Permissions-Policy: ch-ua-model=(self "https://cdn.example.com")explicitly whitelists a CDN origin to receive the device model hint, blocking all other third parties. - Origin Trial Legacy: The
Accept-CH-Lifetimeheader was deprecated in favor of implicit persistence, eliminating the ability to set permanent opt-in across browsing sessions for privacy reasons.
User Preference Media Hints
Client hints extend beyond device identification to user preference signals, enabling servers to deliver optimized content without client-side JavaScript detection. These hints respect the user's OS-level accessibility and personalization settings.
- Sec-CH-Prefers-Color-Scheme: Signals the user's light or dark mode preference (
"light"or"dark") directly in the HTTP request, allowing servers to serve appropriately themed assets before any HTML is parsed. - Sec-CH-Prefers-Reduced-Motion: Communicates the user's accessibility setting for minimizing animations (
"reduce"or"no-preference"), critical for serving motion-safe experiences to users with vestibular disorders. - Sec-CH-Prefers-Contrast: Exposes the user's contrast preference (
"more","less","no-preference","custom"), enabling server-side delivery of high-contrast CSS without client-side media query evaluation.
Network and Save-Data Hints
Client hints provide real-time network condition telemetry, allowing servers to adapt payload size and asset quality based on the user's effective connection type and explicit data-saving preferences.
- Save-Data: The
Save-Datahint is a boolean token ("on"or absent) indicating the user has enabled a data-reduction mode in their browser, signaling the server to serve compressed images, defer non-critical assets, and minimize total bytes transferred. - Sec-CH-UA-Form-Factors: A structured hint indicating the device's primary usage mode, such as
"Desktop","Mobile","Tablet","XR", or"Automotive", enabling server-side adaptive layout decisions. - Downlink and RTT: Legacy network hints like
Downlink(estimated bandwidth in Mbps) andRTT(round-trip time in ms) are being replaced by the more structured Network Information API but remain in use for progressive enhancement.
User-Agent String vs. User-Agent Client Hints
Comparison of the legacy User-Agent string and the modern User-Agent Client Hints API for browser and crawler identification
| Feature | User-Agent String | User-Agent Client Hints |
|---|---|---|
Data granularity | Monolithic single string | Granular key-value pairs |
Passive fingerprinting surface | High (OS, browser, engine, version) | Low (only requested attributes exposed) |
Privacy-preserving | ||
Requires explicit server request | ||
Passive OS fingerprinting via TTL/TCP stack | Complements string analysis | Unchanged (network-layer separate) |
GREASE compatibility | Vulnerable to hardcoded parsing | Designed for GREASE resilience |
Browser automation detection | navigator.webdriver + string parsing | Sec-CH-UA header inspection |
Crawler self-identification | Custom token in string | Sec-CH-UA brand with bot identifier |
Frequently Asked Questions
Essential questions about the privacy-preserving mechanism replacing the monolithic User-Agent string with granular, verifiable browser attributes.
User-Agent Client Hints (UA-CH) are a privacy-preserving mechanism defined by the W3C that replaces the monolithic User-Agent string with a set of granular, request-scoped HTTP headers. Instead of passively receiving a single, verbose string containing the browser, operating system, and device model, the server actively requests only the specific attributes it needs. The process begins with the server advertising required hints via an Accept-CH response header. On subsequent requests, the client sends structured headers like Sec-CH-UA (browser name and version), Sec-CH-UA-Platform (operating system), and Sec-CH-UA-Mobile (mobile form factor indicator). This model prevents passive fingerprinting by default, as the high-entropy data that uniquely identifies users is only transmitted upon explicit server request and under the client's control, aligning with the privacy-by-design principles of initiatives like Google's Privacy Sandbox.
Enabling Efficiency, Speed & Accuracy
Intelligent Analysis, Decision & Execution
We build AI systems for teams that need search across company data, workflow automation across tools, or AI features inside products and internal software.
Talk to Us
Search across company data
Give teams answers from docs, tickets, runbooks, and product data with sources and permissions.
Useful when people spend too long searching or get different answers from different systems.

Automate internal workflows
Use AI to route work, draft outputs, trigger actions, and keep approvals and logs in place.
Useful when repetitive work moves across multiple tools and teams.

Add AI to products and internal tools
Build assistants, guided actions, or decision support into the software your team or customers already use.
Useful when AI needs to be part of the product, not a separate tool.
Related Terms
Understanding User-Agent Client Hints requires familiarity with the broader ecosystem of crawler identification, fingerprinting, and access control protocols.

About the author
Prasad Kumkar
CEO & MD, Inference Systems
Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.
His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.
Partnered with leading AI, data, and software stack.
How We Work
Custom AI workflows for your Business
One-fit-all AI don't work for modern businesses. At Inferensys, we aim to understand your business & custom requirements; which we use to define most efficient agentic workflows, the data, and the tools for your business.
01
Review the use case
We understand the task, the users, and where AI can actually help.
Read more02
Pick the right approach
We define what needs search, automation, or product integration.
Read more03
Build the first useful version
We implement the part that proves the value first.
Read more04
Improve from there
We add the checks and visibility needed to keep it useful.
Read moreThe first call is a practical review of your use case and the right next step.
Talk to Us