User-agent reference: read, classify, and trust UA strings

A user-agent string is a self-reported label, not an identity. This page explains how declared bots name themselves, why almost every UA still starts with the legacy Mozilla token, and how to read the difference between an automated client and a real browser without over-trusting the string.

Spoofing a user agent is trivial — any client can claim to be Googlebot or a normal browser. This page explains why spoofing happens, the common fake-crawler patterns, and the verification methods that turn a claimed identity into a confirmed one.

A browser user-agent string packs several tokens into one line: a legacy Mozilla prefix, a rendering-engine signature, the platform, and the browser itself. This page explains each part so you can read a UA without over-reading it, because the contents are client-controlled and can be copied by any client.

Chrome's user-agent string is full of historical artefacts: it claims AppleWebKit and Safari for compatibility even though Chrome uses the Blink engine. Google has also reduced the detail Chrome exposes in the UA, moving fine-grained information into User-Agent Client Hints. This page explains the pattern and the quirks.

Safari's user agent is built around WebKit and a Version token, and differs between macOS and iOS. A notable quirk is that iPadOS can present a desktop-class Safari user agent, which can make an iPad look like a Mac in logs. This page covers the pattern and the platform-specific behaviour.

Firefox's user agent is built around the Gecko engine token and a trailing Firefox product token. Compared with other browsers it has been relatively stable and predictable, which makes it straightforward to recognise. This page covers the pattern and how to tell Firefox apart from WebKit and Chromium clients.

Mobile user agents carry platform descriptors like iPhone or Android and often a Mobile token, but tablets and in-app browsers complicate the picture. An in-app browser (inside a social or messaging app) usually adds its own token to the string. This page explains the patterns and their pitfalls.

Headless browsers run a real browser engine without a visible window, and are widely used for testing and scraping. Headless Chrome historically exposed a HeadlessChrome token, though automation can also wear an ordinary browser string. This page explains the patterns and why headless traffic is automation.

When someone pastes your link into a social or messaging app, a preview bot fetches the page to build a card from your Open Graph and Twitter Card tags. Bots like facebookexternalhit, Twitterbot, Slackbot, Discordbot, and LinkedInBot identify themselves by token. This page covers what they are and why they hit you.

Uptime and synthetic monitoring tools repeatedly request your site to check availability and response time. Tools such as UptimeRobot and Pingdom usually identify themselves in the user agent. Their traffic is expected, periodic, and automated. This page explains how to recognise it and keep it out of human analytics.

SEO platforms run their own crawlers to build backlink indexes and audit data. Bots such as AhrefsBot, SemrushBot, and DotBot identify themselves with a documented token and honour robots.txt. They are not search-engine indexers. This page explains the family and how to recognise and control it.

AI crawlers from companies building and serving large models fetch public web content. Their user agents follow a recognisable shape: a product token plus a self-identifying URL pointing at the operator's documentation. This page explains how to read the AI-crawler pattern and links to the AI-crawlers hub for specifics.

Command-line and library HTTP clients send a default user agent that names the tool: curl/x.y, Wget, python-requests, Go-http-client, and similar. These are scripts, not browsers, and seeing them is normal. This page explains the patterns and how to treat them without over- or under-reacting.

The User-Agent header is not mandatory, so some requests arrive with an empty string or no header at all. This usually points to a script, a misconfigured client, or an old device — not a specific identity. This page explains what a missing UA means and how to handle it without over-blocking.

User-Agent Client Hints are HTTP headers (the Sec-CH-UA family) that let a site request specific browser, platform, and version detail rather than reading it all from one passive string. They underpin UA reduction: the raw user agent is shrinking, and finer detail moves to opt-in hints. This page explains the model.

People often want to tell datacenter traffic from residential traffic, but the user-agent string carries no network information at all. Network type is a separate, IP-derived signal that must be paired with verification, and described carefully to stay privacy-safe. This page explains what the UA can and cannot tell you.

Modern Microsoft Edge is built on Chromium, so its user agent looks like Chrome's but carries an additional Edg/ product token near the end. That Edg/ marker is how you distinguish Edge from Google Chrome and other Chromium browsers in logs. This page explains the pattern and its pitfalls.

Opera switched to the Chromium engine, so its user agent resembles Chrome's but adds an OPR/ product token at the end. That OPR/ marker is how you tell Opera apart from Chrome and Edge in logs. This page covers the pattern and the historical Presto-era caveat.

Samsung Internet is the default browser on many Samsung Android devices. Built on Chromium, its user agent looks Chrome-like but carries a SamsungBrowser product token. That token is how you recognise Samsung Internet traffic, which is a meaningful share of mobile visits on Samsung hardware.

Brave is a privacy-focused Chromium browser that, by design, does not advertise itself in the user-agent string. It mirrors Chrome's user agent so sites cannot single Brave users out and to avoid breaking UA-sniffing sites. This page explains why Brave is hard to detect from the UA and why that is intentional.

Internet Explorer is retired, but its user-agent patterns still appear. Older IE used an MSIE token; IE 11 dropped MSIE and is recognised by a Trident engine token instead. Today, genuine IE traffic is rare, so these strings frequently come from old devices, embedded clients, or bots imitating a browser.

Android WebView is the embedded browser component native apps use to show web content in-app. Its user agent is Chrome-like but includes a wv token, signalling the request came from inside an app rather than a standalone Chrome. This page explains the pattern and why WebView traffic is a distinct context.

When a link opens inside an iOS app's embedded browser, the page renders with WebKit but the user agent often lacks the trailing Safari token that standalone Safari carries. That missing-Safari-token quirk, sometimes with an app-specific marker, is the clue that you are seeing in-app browsing on iOS rather than Safari.

Tablets are the hardest device class to read from a user agent. iPadOS requests desktop-class pages by default, so an iPad can look like a Mac, and many Android tablets omit the Mobile token that phones include. This page explains why tablet detection from the UA alone is unreliable and how to handle it.

Smart TVs and game consoles have built-in browsers and embedded webviews whose user agents include device-specific tokens — a SMART-TV marker, a platform name, or a console identifier. Recognising these connected-TV (CTV) and console tokens separates living-room devices from phones and desktops in your traffic.

The popular Python requests library sends a default user agent in the form python-requests/x.y. Seeing it means a Python script made the request — for an integration, a scraper, a webhook, or your own code. It is honest automation, not a browser, though the default can be overridden. This page covers the pattern.

Programs built with Go's standard net/http client send a default user agent of the form Go-http-client/x.y. Seeing it means a Go application made the request — common for backend services, CLIs, and integrations. It is honest automation, not a browser, and the default can be overridden. This page covers the pattern.

JVM HTTP clients send recognisable default user agents: Java's built-in URL connection uses a Java/version token, and the widely used OkHttp library uses an okhttp/version token. Both mark scripted or app traffic from the Java ecosystem, including many Android apps. This page covers the two patterns.

Developers exercise APIs with tools like Postman, Insomnia, and HTTPie, each of which sends a recognisable default user agent (for example a PostmanRuntime token). Seeing these means someone is testing or scripting against your API, not browsing your pages. This page covers the patterns and how to read them.

Feed readers and aggregators such as Feedly fetch your RSS or Atom feed on a schedule so subscribers see new posts. They identify themselves with a recognisable token and sometimes report how many subscribers they poll on behalf of. This page explains the pattern and why feed-reader hits are automation, not visits.

The public web receives constant probing from security scanners — vulnerability tools, research crawlers, and internet-wide scanners. Some identify themselves clearly in the user agent; others mimic browsers. This page explains why probing is expected background noise and why reacting with blanket blocks can do more harm than good.

Separate from background training crawlers, AI assistants make real-time fetches when a person asks them to read or browse a page. These use distinct tokens — ChatGPT-User, Claude-User, Perplexity-User — each with a self-identifying URL. This page explains the assistant-fetch pattern and links to the AI-crawlers hub.

Parsing user agents by hand with regular expressions is fragile and breaks as strings evolve. The safer approach is to use a maintained UA library, store a coarse category rather than each visitor's raw string, and treat the result as a hint, not an identity. This page sets out a privacy-safe parsing approach.

User-agent reduction is Chrome's effort to freeze and trim the legacy user-agent string, removing fine-grained OS and full-version detail. The information is not gone; it moves to opt-in User-Agent Client Hints. This page explains what reduction changed and how detection should migrate to Client Hints.

You can use the user agent as a first signal for spotting automation — tool tokens, headless markers, missing strings — but it is never conclusive, because any client can change it. Reliable detection pairs the UA with verification and behaviour, and records honest unknowns. This page explains a sound approach.

WordPress and other content systems generate server-side HTTP requests that carry their own user agents — notably WordPress pingback requests and loopback calls the site makes to itself. These can look like external bots in logs but are often your own CMS. This page explains the patterns so you read them correctly.

Vivaldi is a Chromium-based browser from Vivaldi Technologies. Because it is built on Chromium, its user-agent string follows the Chrome pattern and may include a Vivaldi version token; on some platforms Vivaldi reports a Chrome-only string with no Vivaldi marker. Treat it as a real human browser, not automation.

Yandex Browser is a Chromium-based desktop and mobile browser developed by Yandex and widely used in Russia and neighbouring markets. Its user agent follows the standard Chrome structure with an added YaBrowser product token. It is a human browser and is distinct from the YandexBot search crawler.

UC Browser is a mobile-first browser developed by UCWeb (an Alibaba company), widely used in India, Indonesia, and other South and Southeast Asian markets. Its user agent commonly carries a UCBrowser product token. Some configurations route traffic through a compression proxy, which can affect how requests appear.

Tor Browser is a privacy-focused browser built on Firefox Extended Support Release. By design it sends a uniform, standardised user-agent string so that every Tor user looks the same, which is an anti-fingerprinting measure. Requests typically arrive from Tor exit nodes, so the source IP is an exit relay, not the user.

node-fetch and axios are widely used HTTP client libraries for Node.js. By default they send library-style user-agent tokens (node-fetch sets one automatically; axios may send a default or none depending on version and environment). Requests from these libraries are scripts or servers, not human browsers.

Accept-Language and User-Agent are different HTTP headers that answer different questions. Accept-Language expresses the visitor's preferred languages and locales; User-Agent identifies the client software and platform. Mixing them up leads to wrong localisation and brittle detection. Both are client-supplied claims and can be absent or altered.

DuckDuckGo offers privacy-focused browser apps on mobile and desktop. Because they build on the platform's native web view, their user agents tend to resemble Safari (on Apple platforms) or a Chromium-based string, and may not always carry an obvious DuckDuckGo marker. Distinct from DuckDuckBot, the search crawler.

Amazon Silk is the default browser on Fire tablets, Fire TV, and Echo Show devices. It is Chromium-based, so its user agent follows the Chrome pattern and adds a Silk product token. Silk has historically offered a cloud-accelerated mode that routes fetches through Amazon's infrastructure to speed up rendering.

KaiOS is a lightweight operating system for smart feature phones, built on a fork of Firefox OS (Gecko). Its browser therefore presents a Gecko/Firefox-style mobile user agent, often with a KAIOS token. These devices are common in price-sensitive markets and have small screens and keypad navigation.

Browsers on Windows include a Windows NT platform token in the legacy user-agent string. The NT version number has been effectively frozen, so it identifies the Windows family but not the marketing version — Windows 10 and Windows 11 share the same NT 10.0 token. Use Client Hints for finer platform detail.

Browsers on macOS include a Macintosh; Intel Mac OS X platform token. The macOS version embedded in it is frozen or capped by modern browsers, so it confirms macOS but not the precise release, and it still says Intel even on Apple Silicon for compatibility. Use Client Hints for finer detail.

Desktop browsers on Linux include an X11; Linux platform token, usually with an architecture marker such as x86_64. The token confirms a Linux desktop browser but rarely identifies the distribution, and Linux strings are also common among servers, headless tools, and bots, so context matters.

Browsers on Android include a Linux; Android platform token with an OS version, and historically a device model identifier. With user-agent reduction, Chrome on Android now sends a generic device token instead of the real model, so model-based detection no longer works and Client Hints are needed for device detail.

Browsers on iOS report an iPhone or iPad platform token with an iOS version and a WebKit/Safari structure. Because Apple requires browsers on iOS to use the WebKit engine, Chrome, Firefox, Edge, and others on iOS share a Safari-like user agent, distinguished only by an added product token where present.

Chrome on ChromeOS includes a CrOS platform token with an architecture marker, distinguishing Chromebooks from other desktop platforms. The rest of the user agent follows the standard Chrome structure. ChromeOS can also run Android apps, whose web views may report Android tokens instead.

libwww-perl, commonly abbreviated LWP, is a long-established HTTP client library for Perl. Its default user agent contains a libwww-perl token with a version. Because it has been a default in many simple scripts and scrapers for decades, the raw token is widely treated as a sign of automated, non-browser traffic.

Ruby applications make HTTP requests through the standard net/http library and popular wrappers like Faraday. These send library-style default user agents — for example a Ruby token from net/http or a Faraday token — that identify server-side Ruby automation rather than a human browser. Defaults are commonly customised.

.NET's HttpClient is the standard HTTP client for .NET applications. By default it does not add a User-Agent header at all, so requests from .NET apps frequently arrive with no user agent unless the developer sets one. When set, it is a custom application string, not a fixed .NET browser token.

Apache HttpClient, part of the Apache HttpComponents project, is a widely used Java HTTP client. Its default user agent contains an Apache-HttpClient token with a version. It is one of several common Java HTTP clients (alongside OkHttp and the JDK's own client) and marks server-side automation, not a browser.

GNU Wget is a non-interactive command-line tool for downloading files and mirroring sites over HTTP, HTTPS, and FTP. Its default user agent contains a Wget product token with a version. The raw token is a long-standing signal of scripted downloading, though it is trivially changed with a flag.

Analytics platforms parse the user-agent string to report browser, operating system, and device-type breakdowns. Because the user agent is client-supplied, increasingly reduced, and easily spoofed — and because bots send their own strings — these breakdowns are useful approximations, not exact device censuses.

User-agent sniffing means changing site behaviour based on substrings in the User-Agent header. It is fragile: it misfires on new or unexpected browsers, breaks as user agents are reduced, and is easily defeated by spoofing. Feature detection and Client Hints are more robust approaches for most cases.

Twitterbot is the crawler operated by X (formerly Twitter) to fetch a shared URL and read its Open Graph and Twitter Card metadata so it can render a preview card in a post. It is a link-unfurling bot, not a human visit, and identifies itself with a documented Twitterbot user-agent token.

facebookexternalhit is the user-agent token used by Meta's crawler when it fetches a shared URL to read Open Graph metadata and render a link preview on Facebook and Messenger. It is a preview-generation bot, not a human visit, and is documented in Meta's sharing tooling.

Slackbot is the crawler Slack uses to fetch a URL shared in a channel or DM so it can build the message unfurl from Open Graph (and where supported oEmbed) metadata. It is a link-unfurling bot, not a human visit, and identifies itself with a documented Slackbot user-agent token plus a self-identifying URL.

Discordbot is the crawler Discord uses to fetch a URL shared in a channel so it can render the embed preview from Open Graph and oEmbed metadata. It is a link-unfurling bot, not a human visit, and identifies itself with a documented Discordbot user-agent token plus a self-identifying URL.

LinkedInBot is the crawler LinkedIn uses to fetch a shared URL and read its Open Graph metadata so it can render the link preview attached to a post. It is a preview-generation bot, not a human visit, and identifies itself with a documented LinkedInBot user-agent token plus a self-identifying URL.

TelegramBot is the crawler Telegram uses to fetch a URL shared in a chat so it can render the link preview from Open Graph and standard page metadata. It is a preview-generation bot, not a human visit, and identifies itself with a documented TelegramBot user-agent token.

When a link is shared in WhatsApp, the app fetches the URL to build the rich link preview from Open Graph metadata. The fetch is identified by a user agent containing the WhatsApp token. It is a preview-generation request, not a human visit.

Pinterest operates a crawler that fetches URLs to validate Rich Pin metadata and build pin previews. It identifies itself with a Pinterest user-agent token and a self-identifying URL, and honours robots.txt. It is a crawler, not a human visit.

Embedly and Iframely are third-party services that generate rich embed cards and previews from a URL's oEmbed and Open Graph metadata, used by many publishing and chat tools. Their crawlers fetch your pages on behalf of those apps and identify themselves with documented tokens. They are bots, not human visits.

Scrapy is a popular Python web-scraping and crawling framework. Out of the box its requests carry a default user agent containing the Scrapy token and version, but operators frequently override it, so a Scrapy token is a strong signal while its absence does not rule scraping out. It is automation, not a human visit.

Playwright and Puppeteer are browser-automation libraries that drive real Chromium, Firefox, or WebKit instances. Because they use the actual browser engine, their default user agent matches a normal browser — sometimes with a HeadlessChrome marker — so the user agent alone rarely reveals them. Detection relies on automation signals, not the string.

Selenium automates real browsers through the W3C WebDriver protocol. Because it controls an actual browser, its user agent is the browser's own, with no Selenium token by default. The reliable tell is the WebDriver automation state (navigator.webdriver) and behavioural signals, not the user-agent string.

Guzzle is a widely used PHP HTTP client. Its default user agent contains a GuzzleHttp token together with a version and language details, so default-configured Guzzle traffic is easy to spot. Many PHP applications override it, so the token is a strong-but-optional signal. It is server-side automation, not a human visit.

HTTPie is a human-friendly command-line HTTP client used for testing and scripting APIs. Its default user agent contains an HTTPie token and version, so default HTTPie requests are easy to recognise. Like other CLI clients, the header can be overridden. It is manual or scripted automation, not a browser visit.

Colly is a popular Go web-scraping framework. Its default user agent contains a colly token and version, so default-configured Colly crawls are identifiable, but operators commonly override the UA. Built on Go's HTTP stack, it is scraping automation, not a human visit.

Datadog Synthetics and New Relic Synthetics run scheduled checks that fetch your site from monitoring locations to measure uptime and performance. Their requests carry identifying tokens (Datadog/Synthetics and New Relic markers) so they can be recognised. They are monitoring bots you usually run yourself, not human visits.

Nagios and Icinga are open-source monitoring systems that probe HTTP endpoints with check plugins (such as check_http) to verify availability. Those checks often send a recognisable monitoring user agent and run on a fixed schedule. They are infrastructure monitors you run yourself, not human visits.

OWASP ZAP (Zed Attack Proxy) is an open-source web application security scanner used in penetration testing and CI security checks. Its requests can carry a ZAP user agent, though it can be configured to spoof a browser. Seeing ZAP means a security scan is hitting the site — ideally an authorised one.

Nuclei is a fast, template-based vulnerability scanner widely used in security testing and, by attackers, for mass probing. Its requests can carry a Nuclei user agent, though it is frequently configured to hide or randomise it. Seeing Nuclei means template-driven vulnerability scanning is hitting the site.

masscan is a high-speed network port scanner. It and similar tools probe IP ranges to find open ports and services; when they touch a web port they typically send minimal or no HTTP user agent. Recognising this scanning is about request shape and network behaviour more than the user-agent string.

Blocking traffic by matching user-agent substrings is a tempting but flawed bot defence. Hostile clients simply spoof a browser user agent to slip past, while legitimate browsers, accessibility tools, and beneficial bots get caught by over-broad rules. UA blocklists are a weak, high-collateral control compared with behaviour and verification.

User-agent allowlisting — permitting only requests whose user agent matches an approved list — is the inverse of blocklisting and shares its core flaw: the user agent is a client-controlled claim. It blocks legitimate browsers, new versions, and assistive tools while being trivially bypassed by anyone who copies an allowed string.

Some setups apply rate limits per user-agent string. Because the user agent is client-controlled, abusers rotate or randomise it to dodge limits, while many legitimate clients share identical user agents and can be throttled together unfairly. The user agent is a poor primary rate-limit key; it works better as a secondary signal.

Distinguishing mobile from desktop clients is one of the few user-agent checks still broadly reliable: mobile browsers include a Mobile token and platform markers. But user-agent reduction trims finer detail, so for form-factor decisions the modern, robust approach is the Sec-CH-UA-Mobile Client Hint and responsive design rather than deep UA parsing.

The user-agent string packs many details — browser, version, OS, device — whose combination adds entropy that contributes to browser fingerprinting. To reduce passive tracking, browsers freeze and reduce the user agent and move high-entropy detail behind explicitly requested Client Hints. Coarse use stays privacy-safe; aggregating detail to identify users does not.

QQ Browser is a Chromium-based web browser developed by Tencent and widely used in China. Like other Chromium-derived browsers, its user-agent string carries the standard Chrome and Safari compatibility tokens together with a QQBrowser product token that distinguishes it. Recognising that token helps you attribute traffic to QQ Browser rather than to generic Chrome.

Whale is a Chromium-based web browser developed by Naver and widely used in South Korea. Its user-agent string follows the Chromium layout — Chrome and Safari compatibility tokens included — with an added Whale product token that identifies it. Matching that token attributes traffic to Whale rather than to generic Chrome.

Lynx, w3m, and Links are text-mode (terminal) web browsers that render pages without images, CSS, or JavaScript. Their user-agent strings are short and typically begin with the program name, such as a Lynx product token. Seeing one tells you the request came from a text browser or a script using one, not a graphical browser.

aiohttp is an async HTTP client/server library for Python, and urllib is Python's built-in HTTP module. By default each sends a user agent naming the library — an aiohttp token or a Python-urllib token — unless the developer overrides it. Seeing these tokens marks a request as scripted Python traffic rather than a browser.

Sec-CH-UA-Platform and Sec-CH-UA-Mobile are User-Agent Client Hint request headers. Platform reports the operating-system family (such as Windows, macOS, or Android) and Mobile is a boolean for whether the client is a mobile device. Both are low-entropy hints sent by default in supporting Chromium browsers, offering coarse context without parsing the legacy user agent.

Feature detection checks at runtime whether a specific capability (an API, a CSS feature) is available, rather than inferring it from the user-agent string. It is more reliable than user-agent sniffing because it tests the actual environment instead of a self-reported, spoofable label. The user agent still has narrow, legitimate uses, but capability decisions should rest on feature detection.

Maxthon is a web browser that on modern versions is built on Chromium. Its user-agent string follows the Chromium layout and adds a Maxthon product token that identifies it. Recognising that token attributes traffic to Maxthon rather than to generic Chrome.

Pale Moon and SeaMonkey are independent browsers in the Gecko/Mozilla lineage. Pale Moon uses a Gecko-derived engine and SeaMonkey is an all-in-one internet suite. Their user-agent strings carry Gecko-family tokens together with their own product tokens (Goanna/PaleMoon for Pale Moon, SeaMonkey for SeaMonkey), distinguishing them from mainstream Firefox.

The Nintendo Switch includes a limited built-in web browser based on WebKit, used mainly for captive-portal logins and embedded views. Its user-agent string carries a NintendoBrowser product token alongside WebKit tokens, which identifies console traffic so you can separate it from desktop and mobile browsers.

PlayStation consoles include a WebKit-based web browser. Its user-agent string carries WebKit tokens together with a PlayStation platform token (such as a PlayStation 4 or PlayStation 5 indicator), which lets you recognise console web traffic and separate it from desktop and mobile browsers.

Roku streaming devices and Samsung's Tizen-based smart TVs issue HTTP requests whose user agents carry platform tokens such as a Roku token or a Tizen token. These mark living-room/TV-platform traffic, letting you separate smart-TV and streaming-device requests from desktop and mobile browsers.

Symfony HttpClient is the HTTP client component of the Symfony PHP framework. By default it sends a user agent that names the Symfony HttpClient unless the developer overrides it. Seeing that token marks a request as scripted PHP traffic — an integration, API call, or server-side fetch — rather than a human browser.

RestTemplate and WebClient are HTTP clients in the Spring framework for Java. Their default user agent reflects whatever underlying HTTP library they use, so it often appears as a generic Java or library token rather than a browser. Recognising these defaults helps you attribute server-side Java traffic from Spring applications.

Modern user-agent strings are stuffed with historical tokens — Mozilla/5.0, AppleWebKit, KHTML, like Gecko, Safari — that no longer mean what they say. They accumulated as browsers copied each other's tokens to pass server-side sniffing. Understanding this history explains why today's strings are misleading and why feature detection and Client Hints are preferred.

Writing your own regular expressions to parse user-agent strings is fragile: strings carry overlapping legacy tokens, Chromium browsers share Chrome and Safari tokens, and new browsers appear constantly. Hand-rolled patterns produce false matches and silently rot. A maintained user-agent parser, Client Hints, or feature detection are more durable approaches.

Content delivery networks and web application firewalls let you write rules that match the user-agent header to route, cache, rate-limit, or block requests. It is a convenient lever, but the user agent is self-reported and spoofable, so UA-based rules carry real pitfalls: cache fragmentation, blocking legitimate clients, and being trivially evaded by attackers.

Konqueror is the KDE desktop's web browser, historically powered by the KHTML engine — the codebase Apple forked to create WebKit. Its user-agent string carries Konqueror and KHTML tokens. Understanding it explains why so many modern user agents still include a KHTML-derived token, and identifies genuine Konqueror traffic.

GNOME Web, also known as Epiphany, is the default browser of the GNOME desktop, built on WebKitGTK. Its user-agent string carries WebKit tokens together with an Epiphany product token. Because it shares the WebKit engine with Safari, naive detection can confuse the two; the Epiphany token disambiguates genuine GNOME Web traffic.

User-Agent Client Hints separate coarse, default hints from high-entropy ones — full browser version list, platform version, architecture, bitness, and device model — that browsers do not send unless a site explicitly requests them via Accept-CH. They carry more identifying detail, so the browser can decline, and they should be requested only when genuinely needed.

urllib3 is a widely used Python HTTP library that powers the popular requests library and many other tools. By default it sends a user agent that names urllib3 with a version, unless the caller overrides it. Seeing that token marks a request as scripted Python traffic rather than a human browser.

Coc Coc is a Chromium-based browser developed in Vietnam and widely used there. Because it is built on Blink, its user agent looks Chrome-like but inserts an additional coc_coc_browser token with its own version. That token is the reliable signal that a visit came from Coc Coc rather than mainline Chrome.

Opera Mini is a data-saving browser that routes page rendering through Opera's servers rather than fully on the device. Its requests carry an Opera Mini token, and because the rendering proxy fetches resources, the originating IP is Opera infrastructure rather than the end user's network. That makes it distinct from on-device browsers.

Elixir applications often make outbound calls through HTTPoison, which sits on the Hackney HTTP client, while Dart and Flutter code commonly uses the official http package over dart:io. Each sends a default user agent that names the underlying library unless the developer overrides it, marking the request as scripted rather than a browser.

Adaptive serving means returning different markup, assets, or experiences based on the requesting client, often keyed on the user agent. It can deliver lighter pages to constrained devices, but UA-based branching is brittle: strings drift, edge cases proliferate, and a wrong guess degrades real users. Client hints and feature detection are the more durable approach.

RestSharp is a popular HTTP client for .NET, and Unirest is a lightweight request library available across several languages. Both send a default user agent that names the library unless the developer sets a custom one. Seeing those tokens marks a request as a programmatic REST call from an application, not a human browsing a page.

User-agent strings have grown long thanks to layered compatibility tokens, and intermediaries sometimes cap their length. A database column, log format, or proxy that truncates the string silently corrupts downstream parsing, turning a known browser into an unknown one. Knowing where truncation happens helps you keep UA data intact.

Opera GX is a variant of the Opera browser aimed at gamers, built on the same Chromium foundation as standard Opera. Like Opera, it identifies with an OPR token alongside a Chrome token, which means GX and regular Opera look similar in the user agent and are easy to conflate without close inspection.

Puffin is a browser from CloudMosa that offloads rendering to cloud servers and streams a compressed result to the device. Its user agent carries a Puffin token, and because the cloud does the fetching, requests reach your origin from CloudMosa infrastructure rather than the end user's own network — similar in spirit to other proxy browsers.

Midori and Falkon are lightweight, open-source desktop browsers popular in minimal Linux environments. Their user agents follow the engine each is built on at a given time, so they can look Chromium-like or WebKit-like rather than carrying a unique, headline brand token. That makes them low-volume but legitimate human browser traffic.

Otter Browser is an open-source project that aims to recreate the look and feel of the classic, pre-Chromium Opera. It is built on a web engine and presents a user agent shaped by that engine, sometimes with an Otter token. It is a low-volume, legitimate human browser rather than any kind of automated client.

Ecosia, known for its tree-planting search engine, also offers its own Chromium-based browser on desktop and mobile. Because it is built on Blink, its user agent looks Chrome-like, and it may add an Ecosia or EcosiaApp token. That token, where present, distinguishes Ecosia browser sessions from mainline Chrome.

HttpURLConnection is the HTTP client built into the Java standard library. When code uses it without setting a custom header, it sends a default user agent that names the Java runtime. Seeing that token marks a request as scripted JVM traffic from plain standard-library code rather than a browser or a higher-level client.

Typhoeus is a Ruby HTTP client that wraps libcurl to make fast, parallel requests, often used for crawling and bulk API work. By default it sends a user agent that names the Typhoeus library unless the caller overrides it. That token marks a request as scripted Ruby traffic rather than a human browser.

Dynamic serving means returning different HTML to different user agents at the same URL — for example a mobile variant to phones. For SEO this is allowed in principle but risky: if crawlers receive materially different content from users, it edges toward cloaking. Treating search bots the same as the human they emulate is the safe rule.

Most web servers record the User-Agent header of every request in their access logs. That field is a primary source for understanding who and what reaches your site, but it is self-reported by the client, so it can be blank, generic, or spoofed. Reading server-log user agents well means treating them as claims to corroborate, not facts.

Bot-detection and WAF products often compute a bot score that estimates how likely a request is automated. The user agent is one input, but a weak one on its own: it is trivially spoofable and frequently blank or generic on legitimate clients. Over-weighting the UA leads to both missed bots and blocked humans.

A/B testing assigns visitors to variants to compare outcomes. The user agent matters twice: bot and crawler traffic should be excluded so automation does not pollute results, and assigning variants by user agent rather than at random biases the experiment. Clean UA filtering in, random assignment within — that is the safe pattern.

Web-server access logs follow conventional formats, and the user agent lives in a known position within them. The widely used combined log format appends the referrer and user agent to the common format, while JSON log formats give the user agent a named key. Knowing where the field sits prevents mis-parsing and quoted-string mistakes.