Java and OkHttp user agents
JVM HTTP clients send recognisable default user agents: Java's built-in URL connection uses a Java/version token, and the widely used OkHttp library uses an okhttp/version token. Both mark scripted or app traffic from the Java ecosystem, including many Android apps. This page covers the two patterns.
Two JVM default tokens
The Java platform's built-in HTTP client (the classic URLConnection) sends a default user agent containing a Java/version token. Separately, OkHttp — a very widely used HTTP client library — sends an okhttp/version token by default.
Both identify a JVM-based client rather than a browser. OkHttp in particular is common inside Android apps, so an okhttp token often represents app-originated traffic rather than a desktop script.
- Java built-in client: a Java/version token
- OkHttp library: an okhttp/version token
- OkHttp is common inside Android apps
Reading JVM client traffic
Seeing Java/ or okhttp/ tokens is routine: server-side integrations, backend jobs, and Android apps making API calls all produce them. The token says nothing about intent on its own — judge by rate, paths, and rule compliance.
Both defaults can be overridden, and many apps set their own user agent on top of OkHttp, so the absence of these tokens does not rule out a JVM client. Match on the stable token and confirm specifics against the respective documentation.
How it appears in analytics and logs
A Java/version token is the JVM's built-in HTTP client; an okhttp/version token is the OkHttp library, common in Android apps. Both are non-browser clients, with acceptability judged by behaviour.
Diagnostic use case
Recognise JVM HTTP clients by the Java/ and okhttp/ default tokens so server-to-server and Android app traffic is counted as automation.
What WebmasterID can help detect
WebmasterID recognises the Java/ and okhttp/ default tokens server-side and classifies them as automation, separate from human analytics, with unknown clients kept in an honest bucket.
Common mistakes
- Treating every Java or OkHttp hit as malicious.
- Assuming an okhttp token is always a desktop script rather than an Android app.
- Expecting the default token when apps frequently override it.
Privacy and accuracy notes
These tokens name libraries, not a person. WebmasterID records such requests as bot events, never as human profiles.
Related pages
- Go-http-client user agent
Programs built with Go's standard net/http client send a default user agent of the form Go-http-client/x.y. Seeing it means a Go application made the request — common for backend services, CLIs, and integrations. It is honest automation, not a browser, and the default can be overridden. This page covers the pattern.
- API client user agents (Postman, etc.)
Developers exercise APIs with tools like Postman, Insomnia, and HTTPie, each of which sends a recognisable default user agent (for example a PostmanRuntime token). Seeing these means someone is testing or scripting against your API, not browsing your pages. This page covers the patterns and how to read them.
- Bot vs human traffic
Separate scripted and library clients from real browser visits.
Sources and verification notes
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.