What Is a User Agent?

Paste into ChatGPT, Claude, or any LLM

On this page

A user agent is a short text string a client sends in the User-Agent HTTP header to tell a server what software is making the request. Every time a browser loads a page it announces itself - the browser name and version, the rendering engine, and the operating system. A real Chrome request looks like Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36. Servers read this to decide what to send back, and bot-detection systems read it as the very first signal of whether a request came from a real browser or a script.

Lives in	The User-Agent HTTP request header
Format	Product tokens: browser, engine, OS, version
Default for scripts	python-requests/2.x, curl/8.x, Go-http-client - instant giveaways
Used for	Content negotiation, analytics, and bot detection
On its own	Weak signal - easily spoofed, so detectors cross-check it

How a user agent works

The user agent travels in the User-Agent request header, one of the standard headers sent with every HTTP request. A server can branch on it - serving a lighter page to an old browser, a mobile layout to a phone, or a block page to something it does not recognize. The string is purely advisory: nothing stops a client from sending whatever it wants, which is exactly why a scraper can set a Chrome user agent even though no Chrome is involved. The default user agents that HTTP libraries send are the problem. Out of the box, Python's requests library sends python-requests/2.31.0, curl sends curl/8.4.0, and Go sends Go-http-client/1.1. Any of those is a one-line rule for a site to block, because no human visitor ever sends them.

Why user agents matter for web scraping

Setting a realistic user agent is the single cheapest improvement you can make to a scraper, and the most common rookie mistake is forgetting it. But a believable string is necessary, not sufficient. Modern bot detection treats the user agent as one claim among dozens and checks whether the rest of the request agrees with it. If you claim to be Chrome 126 on Windows but your TLS handshake fingerprint matches a Python library, your header order is alphabetical (browsers use a fixed, non-alphabetical order), and your Client Hints are missing, the user agent becomes evidence against you rather than cover. A coherent identity beats a fancy user agent every time.

Rotating and matching user agents

Two rules cover most real-world use. First, rotate user agents from a pool of current, real strings so a long job does not send ten thousand requests from the exact same fingerprint - but keep the pool fresh, because a Chrome 90 string in 2026 is as suspicious as a default one. Second, and more important, match every other signal to the user agent you send: the Sec-CH-UA Client Hints, the Accept-Language header, the navigator properties a headless browser exposes, and the TLS fingerprint all have to tell the same story. Mismatched signals are what lie-detection systems look for.

Code example

python

import requests

# A realistic, current user agent (and matching headers)
headers = {
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) '
                  'AppleWebKit/537.36 (KHTML, like Gecko) '
                  'Chrome/126.0.0.0 Safari/537.36',
    'Accept-Language': 'en-US,en;q=0.9',
}

resp = requests.get('https://example.com', headers=headers)
# Note: the user agent alone is not enough - TLS and header order
# still reveal 'requests'. A scraping API matches all signals for you.

Related terms

What Is Browser Fingerprinting?

Browser fingerprinting is a technique that identifies and tracks a visitor by combining dozens of small, observable characteristics of their…

What Is TLS Fingerprinting (JA3/JA4)?

TLS fingerprinting is a way to recognize what software made a connection just by looking at how it sets up encryption — before the server re…

What Is Client Hints Fingerprinting?

User-Agent Client Hints (UA-CH) are a set of structured HTTP headers plus a matching JavaScript API that report the same browser and operati…

What Is Anti-Bot Detection?

Anti-bot detection is the set of techniques websites use to tell automated traffic apart from real human visitors — and then block, challeng…

What Is a Web Scraping API?

A web scraping API is a hosted HTTP service that visits a web page for you and hands back the result — rendered HTML, JSON, or already-parse…

How Do Websites Detect Web Scrapers?

Websites spot scrapers by gathering hundreds of small clues about each visitor, then scoring how human the whole picture looks. No single cl…

What Is a CAPTCHA?

A CAPTCHA is a challenge a website uses to tell a human visitor apart from an automated script. The name stands for Completely Automated Pub…

Concept map

How User Agent connects

The terms most directly tied to this one. Hover a node to see its neighbours, click to preview, drag to rearrange.

0 terms · 0 connections

You are here · Web Scraping APIs

Tools & solutions for this topic

Frequently asked questions

What does a user agent string look like?

A typical desktop Chrome user agent is 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36'. It lists a compatibility token, the rendering engine, the OS, and the browser version. The 'Mozilla/5.0' prefix is a historical artifact that nearly every browser still sends.

Is changing my user agent enough to avoid blocks?

No. Setting a realistic user agent removes the most obvious giveaway, but detectors cross-check it against your TLS fingerprint, header order, Client Hints, and behavior. If those contradict the user agent you claim, the mismatch flags you. A good user agent is the floor, not the ceiling.

Should I rotate user agents when scraping?

Rotating from a pool of current, real user agents helps spread a large job across more plausible identities. But rotating the user agent while leaving every other signal identical does little - the strings have to be current, and the rest of the fingerprint has to match each one.

Where is the user agent set?

It is the value of the User-Agent HTTP request header. In code you set it explicitly (a headers dict in Python, a header option in curl). Browsers set it automatically based on the build. Servers and analytics tools read it from the incoming request.

Last updated: 2026-06-08