Chrome has been gradually freezing the User-Agent string since Chrome 107. The detailed version and platform information that sites have relied on for decades is being replaced with a reduced, generic string. In its place, Chrome offers User-Agent Client Hints, a structured API that provides the same information but requires the server to explicitly request it.
If your site does any kind of device detection, browser targeting, or analytics based on User-Agent parsing, this change will eventually affect you. And most sites haven't done anything to prepare for it.
What's actually changing
The traditional User-Agent string contained everything: browser name, version, operating system, device model, sometimes even the chip architecture. Servers used this for responsive design decisions, analytics segmentation, and feature detection.
The reduced User-Agent string Chrome is rolling out removes most of this detail. You'll get a generic browser identifier, a major version number, and a simplified platform indicator. The specific OS version, device model, and minor browser version will be gone.
This is a privacy improvement. The old User-Agent string was a fingerprinting goldmine, unique enough to identify individual users across sites without cookies. But it also breaks a lot of legitimate server-side logic.
Client Hints: the replacement
User-Agent Client Hints work differently. Instead of sending everything automatically, the server tells the browser what information it needs via the Accept-CH response header. The browser then sends only those specific hints in subsequent requests.
The hints include Sec-CH-UA (browser brand and version), Sec-CH-UA-Mobile (mobile flag), Sec-CH-UA-Platform (operating system), Sec-CH-UA-Platform-Version, Sec-CH-UA-Model (device model), and several others.
For first-page-load detection (before the browser has seen your Accept-CH header), there's Critical-CH. This header tells the browser to retry the request with the specified hints if they weren't included initially. It adds a round trip but ensures you get the data you need on the very first request.
What the tool checks
The Client Hints Audit examines your site's response headers for Client Hints readiness:
- Whether
Accept-CHis present and which hints it requests - Whether
Critical-CHis set for hints needed on first load - Whether the
Permissions-Policyheader allows Client Hints delegation to third-party iframes - Whether your server still relies solely on User-Agent parsing (indicated by the absence of Client Hints headers combined with UA-specific behavior)
The tool also checks whether your hints request is proportional. Requesting every available hint is the same fingerprinting problem the User-Agent reduction was designed to solve. Best practice is to request only the hints you actually use.
What to do about it
If your server does any UA-based logic, here's the migration path:
Audit your UA usage. Search your server code for User-Agent parsing. Common patterns: device-specific redirects, analytics UA segmentation, bot detection, content negotiation. List every place you read the UA string and what information you extract from it.
Map each use to a Client Hint. Device model? That's Sec-CH-UA-Model. OS version? That's Sec-CH-UA-Platform-Version. Mobile detection? That's Sec-CH-UA-Mobile. Most server-side UA parsing maps cleanly to one or two hints.
Set Accept-CH. Add the header to your server responses listing only the hints you need. Don't request everything.
Add Critical-CH for first-load needs. If you need device information to serve the right page layout on the very first request (before the browser has seen your Accept-CH), add those hints to Critical-CH.
Update your analytics. If your analytics platform parses UA strings on the server side, check whether it supports Client Hints. Most modern analytics platforms have already migrated.
If you're building a new site and want to get the server configuration right from the start, the infrastructure setup in The $97 Launch covers this alongside other response header requirements.
Fact-check notes and sources
- Chrome User-Agent reduction timeline: Chromium Blog, "User-Agent Reduction"
- Client Hints specification: IETF RFC 8942, "HTTP Client Hints"
- Critical-CH specification: WICG, "Client Hints Reliability"
- Chrome 107 frozen UA details: Chromium, "User-Agent Reduction"
Related reading
- Security headers overview — other response headers you need
- Permissions-Policy and Client Hints — the full audit
- Core Web Vitals field data — real-user metrics that replace device-based assumptions
- Platform detection audit — what your site reveals about its tech stack
This post is informational, not consulting or legal advice. Mentions of Chrome, Google, and IETF are nominative fair use. No affiliation is implied.
