How To
How to read a User Agent string
Every browser and app sends a User Agent (UA) string with each HTTP request. It identifies the OS, device, browser, and version. Ad servers, analytics platforms, fraud filters, and CDNs all use it to decide what creative to serve, how to attribute traffic, and whether to block requests.
Anatomy of a UA string
A real-world example, taken apart:
Mozilla/5.0 (iPhone; CPU iPhone OS 17_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Mobile/15E148 Safari/604.1
- ●Mozilla/5.0 — A historical token. Almost every browser still leads with it for compatibility, even though "Mozilla" hasn't shipped a browser engine in two decades.
- ●Platform tokens — Inside the parentheses: device family, OS, version.
iPhone,iPhone OS 17_4, etc. - ●Layout engine —
AppleWebKit/605.1.15— the rendering engine. Shared between Safari and most iOS apps. - ●Browser + version —
Version/17.4 Safari/604.1— Safari 17.4. TheVersion/token is Safari's; other browsers use their own (Chrome/,Firefox/,Edg/). - ●Build identifier —
Mobile/15E148— internal build number. Rarely useful but occasionally surfaces when debugging a specific OS release.
Common UA shapes you'll see
| Source | Marker token | Notes |
|---|---|---|
| Chrome desktop | Chrome/ | Look for the version number after; ignore Safari/ token in the same string. |
| Edge | Edg/ | Edge UA also contains Chrome/; check for Edg/ first. |
| Firefox | Firefox/ | Doesn't include Safari/ or Chrome/. |
| Safari iOS | Mobile/ + Safari/ | Mobile/ is the iOS-specific build; Version/ is the Safari version. |
| In-app webview | FBAV / Instagram / TikTok | Apps embed app-name tokens at the end. Important for paid social attribution debugging. |
| Bot / crawler | bot, spider, crawler | Most legitimate bots self-identify (Googlebot, bingbot). Many ad servers exclude these from billable impressions. |
| CTV / smart TV | Roku, AppleTV, BRAVIA, AFTS | No standard format; expect raw model codes. Crucial for CTV inventory verification. |
Where it shows up in ad ops
- —Targeting & creative selection — Ad servers pick mobile vs desktop creatives, fall back to image when SVG isn't supported, etc.
- —Reporting splits — GA4 surfaces this as the
deviceCategorydimension (mobile / tablet / desktop / smart_tv). - —Fraud filtering — Verification vendors (DV, IAS, Moat) use it as one signal among many. Mismatched UA + IP geolocation is a classic SIVT fingerprint.
- —Discrepancy debugging — When your numbers don't match a publisher's, the UA is the first thing to compare. Ad blockers, headless Chrome, and bot UAs are common culprits.
Pitfalls
- —UA spoofing is trivial. Never trust the UA alone for high-stakes decisions (geo-blocking, billing). Combine with IP, behaviour signals, and device fingerprinting.
- —UA Reduction is rolling out. Chrome and Safari are progressively freezing the OS version and capping the browser version. Detail you used to read directly is moving to
User-Agent Client Hintsheaders (Sec-CH-UA-*). Plan for parsing both. - —Old browsers lie about themselves. Internet Explorer 11 reports
Trident/7.0but alsoMozilla/5.0, leading to false-positive Mozilla Firefox detection in naïve parsers. - —Strip the UA before sharing in tickets. Embedded build IDs and unusual app strings can identify a specific device/user. Treat as PII-adjacent.
Try the User Agent Parser
Paste any UA string and get OS, device, and browser broken out for you.