urllib3 user agent
urllib3 is a widely used Python HTTP library that powers the popular requests library and many other tools. By default it sends a user agent that names urllib3 with a version, unless the caller overrides it. Seeing that token marks a request as scripted Python traffic rather than a human browser.
What this means
urllib3 is one of the most-installed Python packages because it underpins requests and other clients. When code uses urllib3 directly and does not set a custom user agent, it sends a default that names urllib3 with a version.
Note the relationship: the popular requests library sends its own python-requests default rather than a bare urllib3 token, even though requests is built on urllib3. A bare urllib3 token usually means direct use of the lower-level library.
How it appears
Look for a urllib3 product token followed by a version, with none of the browser compatibility chain. As with any library, the default is trivially overridable, so many tools replace it with a custom or browser-like string.
Match on the urllib3 token to catch defaults, but do not assume its absence means no urllib3 client — requests-based and custom-UA clients hide it. Treat the string as a claim.
- Default user agent names urllib3 with a version
- requests sends python-requests, not a bare urllib3 token
- Easily overridden with a custom user agent
How it appears in analytics and logs
A user agent naming urllib3 with a version indicates a Python program using urllib3 directly. It is automation — an API call, integration, or scraper — not a human page view.
Diagnostic use case
Identify scripted Python traffic made directly with urllib3, distinguish it from the requests default, and recognise that a custom user agent can hide it.
What WebmasterID can help detect
WebmasterID classifies the urllib3 default token as scripted, non-browser traffic, helping keep direct-urllib3 automation out of human analytics.
Common mistakes
- Assuming all urllib3-based traffic shows a urllib3 token — requests and custom UAs hide it.
- Counting urllib3 requests as human page views.
- Reading the token as proof of malicious intent rather than just the tool.
Privacy and accuracy notes
The urllib3 token identifies the HTTP library, not a person. WebmasterID reads it as a coarse automation signal only.
Related pages
- python-requests user agent
The popular Python requests library sends a default user agent in the form python-requests/x.y. Seeing it means a Python script made the request — for an integration, a scraper, a webhook, or your own code. It is honest automation, not a browser, though the default can be overridden. This page covers the pattern.
- aiohttp and urllib user agents
aiohttp is an async HTTP client/server library for Python, and urllib is Python's built-in HTTP module. By default each sends a user agent naming the library — an aiohttp token or a Python-urllib token — unless the developer overrides it. Seeing these tokens marks a request as scripted Python traffic rather than a browser.
- Detecting automation from user agents
You can use the user agent as a first signal for spotting automation — tool tokens, headless markers, missing strings — but it is never conclusive, because any client can change it. Reliable detection pairs the UA with verification and behaviour, and records honest unknowns. This page explains a sound approach.
- Bot intelligence
Surface scripted Python HTTP traffic separately from human visits.
Sources and verification notes
- urllib3 documentationurllib3 sends a default user agent naming the library; requests sends its own python-requests default.
Last reviewed 2026-06-24. Facts are checked against primary/official sources where available; uncertain specifics are marked “Data not yet verified” rather than guessed.