Skip to content
D1
EN
Guides

User-Agent vs Client Hints

user agent vs client hints · sec-ch-ua · browser detection

Compare legacy User-Agent strings with Chromium Client Hints when diagnosing version drift, privacy reductions, and impersonation.

By DN01 Network Team

Modern Chromium browsers may expose both a legacy User-Agent string and Client Hints such as sec-ch-ua and sec-ch-ua-full-version-list. The DN01 Browser Update Checker reads browser signals from your session and maps them to product, major version, and update guidance. Operators use it during migrations, incident triage, and vendor onboarding when they need repeatable evidence rather than ad-hoc screenshots.

Privacy changes freeze or reduce User-Agent detail while Client Hints can still reveal brand and major version when enabled by the page.

Record both values from the DN01 result, note whether the site requests high-entropy hints, and avoid treating a disguised Chrome UA as proof of a current Chrome build. Pair the checker with DNS or SSL tools only when the failure is network-related; most browser tickets are solved by version and feature support alone. Save the result permalink in the ticket, record the check time, and compare output before and after configuration changes or client updates.

Re-run the check after every meaningful change and keep the guide link in the team runbook so new operators follow the same diagnostic order.

Signals DN01 evaluates

DN01 inspects User-Agent, platform hints, and available Client Hints to infer the browser family and major release.

When signals disagree, the tool keeps the raw values visible so support can see impersonation, compatibility mode, or privacy-reduced strings.

Common support mistakes

Do not ask users to paste full header dumps into chat; unrelated cookies or auth headers create privacy risk and slow triage.

Avoid blaming CDN or DNS first when only one browser version reproduces the issue; capture the DN01 permalink instead.

After you confirm the version

If the browser is current, investigate extensions, enterprise policy, mixed content, or site JavaScript errors next.

If the browser is outdated, send the official vendor link, verify after restart, and close the ticket only after the major version changes.

Documentation and next steps

Archive checker output in change tickets, vendor reviews, and incident records so the next operator sees the same parsed evidence instead of a screenshot alone.

Link this guide and the tool landing in team wikis, then pair results with related DN01 utilities when the issue crosses DNS, mail, TLS, or security layers. Note who ran the check, which input was used, and whether the result permalink was shared with the requester.

When to escalate or combine checks

If Browser Update Checker output still disagrees with user reports after a restart or cache clear, capture timestamps, raw inputs, and the DN01 permalink before changing production DNS, mail, TLS, or auth settings.

Escalate to platform or identity owners when enterprise policy blocks the fix; otherwise pair this guide with adjacent DN01 DNS, mail, TLS, or security utilities so one ticket closes the loop.

Browser check workflow
StepAction
CaptureSave DN01 permalink with detected version
CompareNote User-Agent vs Client Hints
UpdateUse official vendor channel
RetestRe-run checker after restart

Frequently asked questions

Does DN01 install browser updates?

No. DN01 only reports status and links to official update sources maintained by each vendor.

Can browsers hide their real version?

Yes. Privacy features, enterprise policies, and compatibility modes can freeze or spoof strings, so DN01 shows every practical signal available.

Should I store raw User-Agent strings?

Store the DN01 result link when possible. Raw headers are longer, rot faster, and may include unrelated request metadata.

Can I share results with my team?

Yes. Copy the DN01 output or permalink into change tickets so everyone reviews the same parsed evidence instead of screenshots alone.