User-Agent Reduction
Chrome is rolling out changes to the browser’s User-Agent string that will affect how web servers, applications, and CDNs like Akamai gather information about the current user agent (such as the browser’s version, device, and platform information).
The changes in Chrome freeze parts of the User-Agent string and reduce the fidelity of the information provided in other parts. These changes are driven by the goal of increasing privacy across the web, and are a part of Chrome’s Privacy Sandbox initiative.
Client Hints
To complement the reduction and freezing of the User-Agent string, there is a browser feature that websites can use called User-Agent Client Hints, which is a request-based mechanism to gather most of the same information being removed from the User-Agent header. The difference is that Client Hints need to be explicitly requested (in the HTTP response or TLS handshake), and the browser can then optionally include those extra “hints” on future HTTP requests on that connection.
At Akamai, we use the User-Agent header at the edge and as part of many Akamai products for business logic to serve content optimized to each visitor, to classify visitors for reporting, to work around browser bugs, and more.
Akamai is engaged in an initiative to ensure our products support Client Hints and are able to adapt to the reduction and freezing of the User-Agent string, while still maintaining the security, performance, and reliability of those products our customers expect.
For more information about User-Agent reduction and Client Hints from the Chrome team, head here: https://developer.chrome.com/docs/privacy-sandbox/user-agent/
Example changes
Let’s look at a recent Chrome User-Agent string (Chrome 100 on Samsung Android 11 Device):
Mozilla/5.0 (Linux; Android 11; SM-G975U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36
The Chrome team expects the highlighted portions to be changed to:
Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.0.0 Safari/537.36
Notably, the platform portion will be frozen for all previous and future versions — in the above example, every version of Chrome on Android will report as Android 10 even if it’s an older or newer Android. The same freeze applies to macOS, Windows, Android, and Linux platforms.
More details on the frozen platforms are available at https://www.chromium.org/updates/ua-reduction/
Timeline
The Chrome team has published their guidance on the expected timeline for when these changes will be implemented.
Chrome 92 (July 2021): JavaScript developer warnings accessing .userAgent
Chrome 95–100: Sites can opt-in to frozen UA for testing
Chrome 100 (March 2022): Sites can opt-out of UA freezing (until May 2023)
Chrome 101 (April 2022): Version reduced to NN.0.0.0
Chrome 107 (October 2022): Desktop platform frozen (hardcoded)
We’re here! Desktop platform will be frozen with Chrome 107 on Oct 25
Chrome 110 (February 2023): Mobile platform frozen (hardcoded)
Chrome 113 (May 2023): Sites can no-longer opt-out of UA deprecation
We expect the Chrome 107 and 110 changes (in October 2022 and February 2023) that freeze the platform to have the largest effect on Akamai products, as a misleading platform string could affect logic flows.
Although other user agents (such as Safari and Firefox) have not announced their intention to reduce the User-Agent string in the exact same way, we would not be surprised to see similar changes at some point in the future.
How these changes affect Akamai products
Many of Akamai’s products utilize the browser’s User-Agent string to make decisions, classify incoming requests, and provide and optimize performance.
Akamai has been working closely with the Chrome team to prepare for these changes. We are actively engaged in making updates to our platform and our products to support changes to the User Agent and Client Hints.
Akamai’s TLS stack is being updated to support sending ALPS / ACCEPT_CH for improved performance.
Akamai’s Property Manager interface will allow customers to easily request Client Hints for each property through Accept-CH, Critical-CH, or ACCEPT_CH ALPS options.
Akamai products, such as Image & Video Manager, mPulse, and Bot Manager, are being updated to review incoming Client Hints so their logic continues to work properly.
mPulse now has full support for Client Hints
Image & Video Manager now uses the HTTP Accept header to detect supported image formats, and will incorporate the use of Client Hints in future releases
- Akamai logging systems, such as DataStream 2, are being updated to continue providing detailed client information. Older systems such as LDS may not receive updates.
Akamai Control Center reports currently based on user agents will be affected by the User-Agent reduction, and may need to be updated to support Client Hints. Those reports include:
Unique Visitors reports — These reports use client IP addresses plus user agent to identify unique users and will be deprecated.
Traffic by Browser and Operating System reports — These reports may be enhanced in the future.
How these changes affect Akamai customers
Akamai customers may be affected by the changes to the reduced/frozen User-Agent, especially in edge logic (metadata).
Edge logic that is based on the platform (e.g., Android 9 or Windows 11) may not work correctly once that platform is frozen (to Android 10 and Windows 10).
Edge logic that is based on the browser minor, revision, or patch versions will always see “0”. Only the major version will change each release.
These changes may affect our customers’:
Edge logic
Application logic
Reporting and classification
Akamai customer edge logic (e.g., in Property Manager configuration or EdgeWorkers) may have to be reviewed and updated. In some cases, it may be appropriate to request Client Hints and utilize the information from those hints.
The Chrome team has a guide for how to migrate to Client Hints: https://web.dev/migrate-to-ua-ch/
Example Property Manager configuration to be updated
For an example of a Property Manager configuration that will be affected by these changes, see the following match criteria based on the User-Agent header:
And the corresponding metadata XML:
<match:request.header name="User-Agent"
value="*Android\ 5* *Android\ 6* *Android\ 7* *Android\ 8* *Android\ 9*"
value-wildcard="on"
value-case="off">
In this case, the logic within the rule and <match> are only executed for Android 5–9 clients. After the User-Agent reduction happens (for mobile platforms in Chrome 110), all Android clients (1–12 and beyond) will report as Android 10.
In other words, Android 5–9 clients that had previously executed the above logic, will no longer do so in Chrome 110+.
To ensure this logic continues to work as intended, the customer should:
Request the Sec-CH-UA-Platform Client Hint (optionally with Critical-CH if the hints are needed on the first request)
Update the metadata to match on the basis of those Client Hints
The specifics of how to implement those changes vary by property, and may require more technical assistance from your Akamai Account Team.
Need more time?
Chrome is offering a User-Agent reduction deprecation trial that allows sites to enroll in a temporary extension before the User-Agent header is reduced for a site.
For more details, see https://developer.chrome.com/blog/user-agent-reduction-deprecation-trial/.
If you are a Bot Manager customer and enrolling into a User-Agent deprecation trial, please contact your Akamai account team.
Questions?
If you have any questions, please reach out to AkaTec or your Akamai Account Team.
Further reading
