User-Agent Client-Hints (UACH) were always going to be a “tax” on the web. In this article we recap the history, unpack the current state, and look to the future.
2020
Back in January 2020 a few Google engineers proposed and then pressed ahead unilaterally with User-Agent Client-Hints. They claimed without justification that privacy would be improved.
51Degrees quickly called UACH for what it is, an anti-competitive abuse of monopoly power and technical standards. We wrote to the UK Competition and Markets Authority (CMA) to urge them to intervene. Proposals to fix UACH were made and rejected by Google and the W3C who failed to implement their own antitrust policy.*
No ones privacy is improved when Google and Apple know everything about everyone all the time and people have no choice in the matter. Privacy is a non-price factor of competition and must be for individual market participants to decide on. James Rosewell51Degrees & Movement for an Open Web
The CMA did eventually take action under the Privacy Sandbox commitments. But it was too little, too late.
UACH represents a missed opportunity and a continuing “tax” on the web.
51Degrees helps developers reduce the complexity of adoption. But we can’t completely mitigate the permissions and data model problems associated with browser and app integrations.
2023
UACH was fully deployed in Chrome and many Chromium browsers in February 2023.
After two years of testing and trialling 51Degrees fully deployed UACH in April 2022. 51Degrees’ users were prepared for the change well in advance.
Developer documentation explains all the concepts and what’s involved.
For those that work with OpenRTB, 51Degrees produced the reference guide for Structured User Agents, a “Frankenstein” adaption of UACH for OpenRTB.
But problems remain.
Perpetual Incubation
The documents relevant to UACH are shown in the following table.
| Document | Standards Body | Authors | Status |
|---|---|---|---|
| User-Agent Client Hints | W3C Incubation Community Group | Mike Taylor (Google) Mike West (Google) Yoav Weiss (Google) | Unofficial Draft – Stalled# |
| HTTP Client Hints | Internet Engineering Task Force (IETF) | Yoav Weiss (Google) Ilya Grigorik (Google) | Experimental |
| Client Hints Infrastructure | W3C Incubation Community Group | Yoav Weiss (Google) | Unofficial Draft – Stalled# |
Even today the only authors and editors are Google employees. The status of all relevant documents remains unratified. Questions remain unanswered.
This is important because a well written and widely adopted standard helps engineers implement interoperability consistently.
WebView & Apps
App vendors do not consider the priority and consistency of fields. Take the following collection keys and values returned for the X (formerly Twitter) app when accessing a web page within the app.
user-agent: Mozilla/5.0 (Linux; Android 15; SM-S928B Build/AP3A.240905.015.A2; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/138.0.7204.179 Mobile Safari/537.36 TwitterAndroid
sec-ch-ua: "Not)A;Brand";v="8","Chromium";v="138"," Android WebView";v="138"
sec-ch-ua-mobile: ?1
sec-ch-ua-platform: "Android"
sec-ch-ua-platform-version: "15"
The User-Agent tells us that the application is Twitter for Android via the yellow highlighted text. But the Sec-CH-UA provides a generic Android Webview as indicated by the blue highlighted text. Which one is correct?
Application developers should as a minimum ensure that the Sec-CH-UA is consistent with the UA.
Fortunately 51Degrees handles this inconsistency by considering all available evidence. See the results for this collection here.
Chaotic Data Models
Unsurprisingly modifying data models from a single field to a variable multi field collection was going to be disruptive. A point that 51Degrees made to the initial CMA consultation.
All this work 51Degrees and our lovely users perform was entirely related to a childlike change Google forced on the industry. Nobody wanted it, and it provides zero benefit.
Permissions & Performance
Confusingly access to some UACH values is restricted and requires a complex "dance" between web server and browser to unlock.
The relevant options are shown in the 51Degrees developer documentation.
Alternatively those with access to JavaScript can get the values, but in a different format, via a single call. But that's a lot slower than getting them on first request at the server.
In all cases 51Degrees takes care of the complexity of decoding and turning them into useful insights.
The result is something that doesn't perform as it might. Not a step forward in our opinion.
What Next?
The veil of privacy that Google used to poorly justify UACH has been lifted. In 2026 Google & Apple no longer get to make changes in the name of privacy which advantage their own data monopoly.
Perhaps in 2026 a proposal can be advanced to deprecate UACH and return to the humble, and still used by all despite all the protests, User-Agent.
It's noticeable that Connected TV (CTV) has bypassed the UACH debacle entirely and retained the original User-Agent.
User-Agent might evolve to include some of the good ideas from UACH. If made shorter, and more precise, performance could be improved. Here’s just such a proposal made in 2021.
Modify [UACH] to reduce data overhead and migration complexity · Issue #200 · WICG/ua-client-hints
And another made today.
🤔
* See the W3C Antitrust and competition policy.
# The list of document types that the W3C publishes does not include "unofficial draft". Indeed the documents themselves include the text "It is not a W3C Standard nor is it on the W3C Standards Track". The barrier to web browser vendor's forcing breaking changes must be made higher. Via our support of Movement for an Open Web we're helping bring that about.
