What does this tool detect?

It extracts browser name and version, operating system name and version, device type (desktop, mobile, tablet, smart TV, wearable), device vendor and model, rendering engine, and CPU architecture.

Does the UA string reveal my real location or identity?

No. The UA string contains only software and hardware information about your browser environment - no IP address, location, or personal identity. Parsing happens entirely in your browser.

Why is device type sometimes missing?

Desktop browsers typically omit device-type hints from their UA strings. The parser defaults to "Desktop" when no device token is present. Mobile and tablet browsers usually include explicit tokens.

Which library powers the parsing?

This tool uses ua-parser-js (MIT licence), a well-maintained open-source library with a comprehensive database of known UA patterns.

User Agent Parser - Toolcroft

What is a User-Agent string?

Every browser and HTTP client sends a User-Agent (UA) string in the User-Agent request header. The server can read it to understand which browser, operating system, and device sent the request, and optionally tailor its response accordingly.

Anatomy of a UA string

A typical desktop Chrome UA looks like this:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Mozilla/5.0: legacy compatibility token present in virtually all modern browsers.
(Windows NT 10.0; Win64; x64): OS and CPU architecture.
AppleWebKit/537.36: rendering engine and version.
Chrome/124.0.0.0: browser name and version.

What can you detect from a UA string?

Browser: name and version (Chrome, Firefox, Safari, Edge, Opera…).
Operating system: name and version (Windows, macOS, Linux, iOS, Android…).
Device type: desktop, mobile, tablet, smart TV, wearable, XR headset.
Device vendor and model: Apple iPhone, Samsung Galaxy, etc. (mobile/tablet only).
Rendering engine: Blink, Gecko, WebKit, Trident…
CPU architecture: amd64, arm64, ia32, etc.

Limitations of UA sniffing

UA strings are self-reported and can be spoofed by any client. Many browsers allow users to change their UA, and tools like developer-mode device emulation commonly switch it. For capability detection in web applications, prefer feature detection (e.g., checking for CSS.supports() or navigator.mediaDevices) over UA sniffing.

Additionally, the User-Agent Client Hints API (navigator.userAgentData) is the modern, privacy-preserving replacement for UA strings in Chromium-based browsers, providing structured data without the full UA string.

UA string freezing and Client Hints

Starting in 2021, Chrome began freezing portions of the UA string to reduce passive fingerprinting: the minor browser version, OS version, and device model are reported as fixed placeholder values instead of real data. The replacement API is User-Agent Client Hints, delivered via HTTP request headers:

Sec-CH-UA: browser brand and major version
Sec-CH-UA-Platform: OS name (e.g. “Windows”)
Sec-CH-UA-Mobile: boolean mobile indicator
Sec-CH-UA-Model: device model (high-entropy, must be requested)

Servers must explicitly request high-entropy hints via the Accept-CH response header. Client Hints are only available in Chromium-based browsers; Firefox and Safari continue to expose the traditional UA string.

Mobile detection accuracy

The UA string alone cannot reliably distinguish a tablet from a laptop with a touchscreen, or a foldable phone in desktop mode from a regular desktop. For responsive design decisions, prefer CSS media queries (pointer: coarse for touch, hover: none for touch-primary devices) over UA-based mobile detection. These reflect actual input capabilities rather than the reported device category.

Common bot and crawler user agents

Bot	UA string excerpt
Googlebot	Mozilla/5.0 … Googlebot/2.1
Bingbot	Mozilla/5.0 … bingbot/2.0
AhrefsBot	Mozilla/5.0 … AhrefsBot/7.0
SemrushBot	Mozilla/5.0 … SemrushBot/7~bl
DuckDuckBot	DuckDuckBot/1.0

Identifying crawler traffic is useful for writing accurate robots.txt rules and for segmenting server log analytics. Note that malicious bots often spoof popular crawler UA strings - verify Googlebot by reverse DNS lookup, not UA alone.