Symfony HttpClient user agent
Symfony HttpClient is the HTTP client component of the Symfony PHP framework. By default it sends a user agent that names the Symfony HttpClient unless the developer overrides it. Seeing that token marks a request as scripted PHP traffic — an integration, API call, or server-side fetch — rather than a human browser.
What this means
Symfony is a widely used PHP framework, and its HttpClient component is a common way for PHP apps to make outbound HTTP requests. When the developer does not set a custom user agent, the component sends a default that identifies the Symfony HttpClient.
This is general-purpose: the traffic could be an API integration, a webhook, a feed fetch, or a scraper. The token tells you the tool, not the intent.
How it appears
Look for a Symfony HttpClient product token followed by a version, with none of the browser compatibility chain. As with all libraries, the default is easily overridden, so well-built clients may send a custom or browser-like string instead.
Match on the Symfony HttpClient token to catch defaults, but do not assume its absence means no Symfony client. Treat the string as a claim.
- Default user agent names the Symfony HttpClient with a version
- No browser compatibility chain in the default string
- Easily overridden with a custom user agent
How it appears in analytics and logs
A user agent naming the Symfony HttpClient indicates a PHP application using that component to make requests. It is automation — backend integration or scripted fetching — not a human page view.
Diagnostic use case
Identify server-side PHP traffic made with Symfony HttpClient, separate it from browser visits, and recognise that a custom user agent can hide the component.
What WebmasterID can help detect
WebmasterID classifies the Symfony HttpClient default token as scripted, non-browser traffic, helping keep server-side PHP requests out of human analytics.
Common mistakes
- Assuming all Symfony HttpClient traffic shows the default token — custom UAs hide it.
- Counting these server-side requests as human page views.
- Reading the token as proof of malicious intent rather than just the tool.
Privacy and accuracy notes
The token identifies the HTTP component, not a person. WebmasterID reads it as a coarse automation signal and never links it to an individual.
Related pages
- Guzzle PHP HTTP client user agent
Guzzle is a widely used PHP HTTP client. Its default user agent contains a GuzzleHttp token together with a version and language details, so default-configured Guzzle traffic is easy to spot. Many PHP applications override it, so the token is a strong-but-optional signal. It is server-side automation, not a human visit.
- curl, wget and script user agents
Command-line and library HTTP clients send a default user agent that names the tool: curl/x.y, Wget, python-requests, Go-http-client, and similar. These are scripts, not browsers, and seeing them is normal. This page explains the patterns and how to treat them without over- or under-reacting.
- Detecting automation from user agents
You can use the user agent as a first signal for spotting automation — tool tokens, headless markers, missing strings — but it is never conclusive, because any client can change it. Reliable detection pairs the UA with verification and behaviour, and records honest unknowns. This page explains a sound approach.
- Bot intelligence
Surface server-side PHP HTTP traffic separately from human visits.
Sources and verification notes
- Symfony — HttpClient component documentationDefault user agent identifies the Symfony HttpClient; version not pinned.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.