Client Hints

Client Hints are a set of HTTP request header fields that a server can proactively request from a client in order to get information about the device, the network, and user- and agent-specific preferences.

They were introduced as a replacement for the HTTP User-Agent header: «The primary goal of User Agent Client Hints is to reduce the default entropy available to a server for passive fingerprinting. However, it will still be possible for some, or all hints to be requested and used for active fingerprinting purposes by first or delegated third parties.»

User-Agent: CCBot/2.0 (https://commoncrawl.org/faq/)

Every time you visit this page, the server responds with the following HTTP header:

HTTP Headers sent by the Server

Accept-CH: sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,sec-ch-ua-full-version,ua-full-version,sec-ch-ua-platform-version,ua-platform-version,sec-ch-ua-arch,ua-arch,sec-ch-ua-bitness,ua-bitness,sec-ch-ua-model,ua-model,sec-ch-lang,lang,sec-ch-save-data,save-data,sec-ch-width,width,sec-ch-viewport-width,viewport-width,sec-ch-viewport-height,viewport-height,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory,sec-ch-rtt,rtt,sec-ch-downlink,downlink,sec-ch-ect,ect,sec-ch-prefers-color-scheme,sec-ch-prefers-reduced-motion,sec-ch-prefers-reduced-transparency,sec-ch-prefers-contrast,sec-ch-forced-colors,sec-ch-prefers-reduced-data

The server has asked the client to send the headers listed above. If your browser supports this feature, it should send those Client Hints headers to the server on the following requests.

HTTP Headers received by the Server upon subsequent request

A limited number of Client Hints are also available through JavaScript; no HTTP headers are required for these.

User Agent Client Hints JavaScript API

navigator.userAgentData
brands
mobile
platform
platformVersion
architecture
bitness
model
uaFullVersion

(*) Client Hints are divided into High Entropy and Low Entropy hints. High Entropy hints require the related Accept-CH header at the HTTP level, or an async getHighEntropyValues() promise call in JavaScript. Low Entropy hints are sent by default on every request, whether or not the server has opted in to receiving them. Asterisks mark Client Hints that were detected as Low Entropy because they were received without prompting.
Client Hints are not yet standardized, and because the specifications keep changing, some headers include the Sec-CH- prefix and some do not. The latest versions of the spec say that all hints must have this prefix, but the last revised implementation (Chrome 94) still accepts some headers only without the prefix. For future compatibility, the Client Hints Test detects both behaviors.
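
The detection described in the note above, as an added example (not the test page's own code): a Node.js function that marks a hint as Low Entropy when it arrives before the client has seen Accept-CH, and treats Sec-CH- prefixed and unprefixed header names as the same hint. The function names and the sample request headers are constructed for illustration.

```javascript
// Added example; function names and sample headers are constructed, not from the test page.
const PREFIX = 'sec-ch-';

// Parse an Accept-CH value into a set of lower-cased header names.
function parseAcceptCH(value) {
  return new Set(value.split(',').map((s) => s.trim().toLowerCase()).filter(Boolean));
}

// "Sec-CH-UA-Platform" and "UA-Platform" both map to the hint "ua-platform".
function canonical(name) {
  const n = name.toLowerCase();
  return n.startsWith(PREFIX) ? n.slice(PREFIX.length) : n;
}

// firstReq: headers sent before the client saw Accept-CH (unprompted).
// laterReq: headers sent on a request after the Accept-CH response.
function classifyHints(acceptCH, firstReq, laterReq) {
  const requested = parseAcceptCH(acceptCH);
  const report = {};
  const record = (headers, unprompted) => {
    for (const [name, value] of Object.entries(headers)) {
      const lower = name.toLowerCase();
      if (!requested.has(lower)) continue; // ignore headers that are not requested hints
      const key = canonical(lower);
      const entry = report[key] || (report[key] = { lowEntropy: false, prefixed: false });
      entry.value = value;
      entry.lowEntropy = entry.lowEntropy || unprompted;
      entry.prefixed = entry.prefixed || lower.startsWith(PREFIX);
    }
  };
  record(firstReq, true);
  record(laterReq, false);
  return report;
}

// Hints that would be marked with an asterisk (received without prompting).
function lowEntropyHints(report) {
  return Object.keys(report).filter((k) => report[k].lowEntropy).sort();
}

// Constructed sample data.
const ACCEPT_CH = 'sec-ch-ua,ua,sec-ch-ua-platform,ua-platform,sec-ch-ua-mobile,ua-mobile,' +
  'sec-ch-ua-arch,ua-arch,sec-ch-dpr,dpr,sec-ch-device-memory,device-memory';
const FIRST = { 'User-Agent': 'ExampleBrowser/1.0', 'Sec-CH-UA': '"Example";v="1"',
  'Sec-CH-UA-Mobile': '?0', 'Sec-CH-UA-Platform': '"Linux"' };
const LATER = { ...FIRST, 'Sec-CH-UA-Arch': '"x86"', 'Device-Memory': '8', DPR: '2' };

const REPORT = classifyHints(ACCEPT_CH, FIRST, LATER);
console.log(lowEntropyHints(REPORT), REPORT);
```

Every entry in the report with lowEntropy set to false is information the client disclosed only because the server asked for it, which is the part a privacy review of an Accept-CH policy should look at.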

Client Hints Description

List of currently known Client Hints:

Further Reading
