Sec-CH-UA
The HTTP Sec-CH-UA request header sends the browser's brand and version information as part of the User-Agent Client Hints framework.
Baseline: Limited availability
Supported in Chromium-based browsers (Chrome, Edge, Opera). webstatus.dev
Usage
The Sec-CH-UA header provides a structured
alternative to the User-Agent string for
identifying the browser. Chrome completed its User-Agent
reduction rollout, freezing the UA string to a fixed
format no longer exposing minor
version numbers, OS versions, or device models. The
reduced desktop UA string reads
Mozilla/5.0 (<platform>) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/<major>.0.0.0 Safari/537.36
and the mobile string freezes to Android 10; K
regardless of actual device. The User-Agent Client Hints
headers replace this lost detail through an opt-in
mechanism reducing passive fingerprinting.
Three low-entropy hints are sent by default without server opt-in: Sec-CH-UA, Sec-CH-UA-Mobile, and Sec-CH-UA-Platform. All other UA-CH headers are high-entropy and require the server to request them through Accept-CH.
The header value is a Structured Header list of brand and version pairs. Each browser includes multiple brand identifiers reflecting the layered nature of modern browser engines. Chromium-based browsers report both the Chromium version and the specific brand (Chrome, Edge, Opera). The list includes a GREASE brand with an intentionally irregular format to prevent servers from building brittle parsers depending on exact string matching.
The version number in Sec-CH-UA represents the significant (marketing) version, matching the major release number. Servers needing full version strings request the high-entropy Sec-CH-UA-Full-Version-List hint through Accept-CH.
On the client side, the navigator.userAgentData
JavaScript API provides the same data. The
brands and mobile properties are available
synchronously. High-entropy values like platform
version, architecture, and device model require calling
navigator.userAgentData.getHighEntropyValues(), which
returns a promise.
Browsers send Sec-CH-UA by default on every request unless blocked by a permissions policy.
Values
Brand list
The value is a Structured Header list of quoted brand names and version
numbers. Each entry pairs a brand string with a version using the
format "Brand Name";v="Version".
Common brand identifiers include "Chromium", "Google Chrome",
"Microsoft Edge", and "Opera". The GREASE entry uses variations
like "Not A Brand", " Not A;Brand", or "Not_A Brand" with version
99 to ensure servers handle unexpected brand formats.
Example
A Chrome browser on Windows sends a brand list identifying both Chromium and Google Chrome at version 124. The GREASE brand entry helps prevent parsing code from becoming fragile.
Sec-CH-UA: "Chromium";v="124", "Google Chrome";v="124",
"Not-A.Brand";v="99"
An Edge browser reports Microsoft Edge alongside the underlying Chromium version. All Chromium-based browsers include the Chromium brand in the list.
Sec-CH-UA: "Chromium";v="122", "Microsoft Edge";v="122",
"Not:A-Brand";v="99"
Takeaway
The Sec-CH-UA header sends browser brand and version information as a low-entropy client hint, providing a structured alternative to User-Agent string parsing while preserving privacy.
See also
- User-Agent Client Hints (WICG)
- User-Agent Reduction (Chromium)
- Migrate to User-Agent Client Hints (web.dev)
- Client-Hints
- Accept-CH
- User-Agent
- Sec-CH-UA-Mobile
- Sec-CH-UA-Platform
- Sec-CH-UA-Full-Version-List
- HTTP headers