Tor Browser user agent
Tor Browser is a privacy-focused browser built on Firefox Extended Support Release. By design it sends a uniform, standardised user-agent string so that every Tor user looks the same, which is an anti-fingerprinting measure. Requests typically arrive from Tor exit nodes, so the source IP is an exit relay, not the user.
What this means
Tor Browser is based on Firefox ESR and is configured to maximise anonymity. One of its core protections is user-agent uniformity: all Tor Browser users on a given platform send the same string, so the user agent cannot be used to single anyone out.
This is the opposite of a custom or spoofed user agent. The uniformity is the feature. Seeing many visitors with an identical Firefox ESR string, especially from Tor exit relays, is the expected footprint of Tor Browser.
Why the IP is an exit node
Tor routes traffic through a circuit of relays, so the request reaching your server originates from a Tor exit node. The exit-node IP is shared infrastructure and says nothing about where the user actually is.
Do not infer location from the exit IP, and do not treat all Tor traffic as malicious. Some operators choose to allow Tor for privacy reasons; others restrict it. Either way, the decision should be policy, not an assumption that Tor equals a bot.
- Engine: Firefox ESR with a deliberately uniform user agent
- Source IP: a Tor exit relay, not the user's network
- Uniform UA is an anti-fingerprinting design, not spoofing
Handling Tor traffic
If you need to make decisions about Tor, base them on the exit-relay origin (published lists of exit nodes exist) rather than on trying to fingerprint the browser, which Tor specifically defeats.
Respect the privacy intent: avoid logging anything that could narrow down an individual Tor user, and never present exit-node geolocation as the visitor's real location.
How it appears in analytics and logs
A uniform Firefox ESR-pattern user agent arriving from a known Tor exit node indicates a human using Tor Browser. The identical string across many users is intentional uniformity, not spoofing, and the exit-node IP does not reveal the user's location.
Diagnostic use case
Understand why a cohort of visitors share an identical Firefox ESR user agent and arrive from Tor exit relays, and decide how to treat privacy-network traffic.
What WebmasterID can help detect
WebmasterID can recognise the uniform Tor Browser user-agent pattern and exit-node origin as a privacy-network human visit, keeping it distinct from automation without attempting any fingerprinting or de-anonymisation.
Common mistakes
- Treating the identical Tor user agent across many visitors as coordinated spoofing.
- Inferring a visitor's location from the Tor exit-node IP.
- Assuming all Tor traffic is malicious automation by default.
Privacy and accuracy notes
Tor Browser is engineered to prevent fingerprinting and to hide location. WebmasterID respects this: it records only that a request used a Tor-pattern user agent or exit relay, never attempting to de-anonymise the visitor or infer their real location.
Related pages
- Firefox user agent pattern
Firefox's user agent is built around the Gecko engine token and a trailing Firefox product token. Compared with other browsers it has been relatively stable and predictable, which makes it straightforward to recognise. This page covers the pattern and how to tell Firefox apart from WebKit and Chromium clients.
- Datacenter vs residential traffic signals
People often want to tell datacenter traffic from residential traffic, but the user-agent string carries no network information at all. Network type is a separate, IP-derived signal that must be paired with verification, and described carefully to stay privacy-safe. This page explains what the UA can and cannot tell you.
- Spoofed and fake user agents: what to watch for
Spoofing a user agent is trivial — any client can claim to be Googlebot or a normal browser. This page explains why spoofing happens, the common fake-crawler patterns, and the verification methods that turn a claimed identity into a confirmed one.
- Privacy-first analytics
Measurement that respects privacy networks without de-anonymising visitors.
Sources and verification notes
- Tor Project — Tor BrowserUniform UA for anti-fingerprinting; Firefox ESR base.
- Tor Project — fingerprinting design
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.