What is a user agent used for?

Servers inspect the UA header to serve mobile vs desktop pages, apply browser-specific CSS fixes, and segment analytics.

Can I generate mobile user agents?

Yes — generate iOS Safari, Android Chrome, and other mobile UA strings.

How do I use a generated UA string?

Add it as a User-Agent header in HTTP requests using curl, Postman, or browser developer tools.

Is spoofing a user agent legal?

Generally yes for testing and development purposes. Terms of service for some websites prohibit automated access or UA spoofing for scraping — check the site's ToS and robots.txt before scraping at scale.

Why do all browsers say 'Mozilla/5.0'?

Legacy compatibility. Early web servers served rich content only to 'Mozilla' browsers and plain HTML to others. Chrome, Safari, and Edge all include 'Mozilla/5.0' so servers don't serve them degraded content.

User Agent Generator

Get user agent strings for different browsers and devices.

Common User Agents

Click to copy user agent strings

Chrome 134 (Windows)

Chrome 134 (Mac)

Firefox 135 (Windows)

Safari 18 (Mac)

Edge 134 (Windows)

iPhone 16 (Safari 18)

Android 14 (Chrome 134)

iPad Pro (Safari 18)

Googlebot 2.1

Use Cases

• Test responsive designs
• Debug browser-specific issues
• Simulate different devices
• API testing with device headers

Next steps

cURL to Code

Recommended

Convert cURL commands to JavaScript fetch, Python, or PHP code.

Hash Generator

Recommended

Generate secure MD5, SHA-256, and SHA-512 hashes from any text.

UUID Generator

Generate v4 UUIDs instantly — copy one or bulk-generate thousands.

Base64 Converter

Encode or decode Base64 in one click — works with text and files.

View all tools →

Runs entirely in your browser. No uploads. Your files stay private.

What Is a User Agent String?

A User-Agent string is the value of the User-Agent HTTP header that every browser and HTTP client sends with each request. It identifies the product (browser brand), version, operating system, CPU architecture, and rendering engine. The format is loosely defined by RFC 9110 as a sequence of product tokens with optional comments, but in practice every browser ships its own quirks of legacy compatibility tokens.

Your current browser's UA string is shown at the top of the page, read directly from navigator.userAgent. The page does not transmit it to any server — the read is purely local for display. The other strings are static, hand-curated samples covering the major desktop browsers (Chrome, Firefox, Safari, Edge), mobile browsers (iOS Safari, Android Chrome), tablets (iPad), and Googlebot, all at recent stable versions. They are not auto-updated, so check current values against a reference like browserlist or whatismybrowser before using them in production code.

The UA format is a tale of accumulated legacy. Every modern browser starts with Mozilla/5.0 because Netscape Navigator 4 used Mozilla/4.0 and early servers gated rich content on that prefix. Chrome appends AppleWebKit/537.36 because it forked KHTML through WebKit; it appends Safari/537.36 because Safari did the same and many sites sniffed for Safari to enable WebKit features; it then puts Chrome/x.x.x ahead of Safari to be detected as Chrome. Edge appends Edg/x.x.x at the very end because it is Chromium-derived but wants to be distinguishable.

User agent sniffing is the practice of inspecting the UA to make routing or feature decisions. It is widely considered an anti-pattern — the strings lie (browser modes, extensions, and cloned engines all spoof them), they evolve (Chrome's UA Reduction in 2022 froze MINOR.BUILD.PATCH version numbers to 0.0.0), and feature detection via in-browser API checks is more reliable. Use UA only for analytics segmentation and graceful degradation, never for content gating.

Modern alternatives are emerging. The User-Agent Client Hints specification (Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform) splits the UA into structured headers that browsers send only to origins that opt in via the Accept-CH header. Chrome already sends a frozen UA by default, with the rich data available through Client Hints. Safari and Firefox have not adopted Client Hints fully, so the legacy User-Agent string is still the lowest common denominator.

When you spoof a UA in scraping or testing, set the entire string to match a real browser, not a partial value. Set Accept, Accept-Language, and Accept-Encoding headers to match too — bot-detection systems compare the combination, not just the UA alone. Some sites also fingerprint TLS handshake parameters (JA3 hash) and HTTP/2 stream priorities, which a plain UA swap cannot disguise.

Generation here is purely client-side: the strings are constants in the React component, copy uses the navigator.clipboard API, and the page never sends or fetches data. Each copy puts a string on your clipboard for use in curl, fetch, Postman, browser DevTools network conditions, or your own test fixtures.

Common Use Cases

Cross-browser bug reproduction

Spoof another browser's UA in your HTTP client to reproduce a bug reported against that browser.

Mobile testing without devices

Send a Mobile UA in DevTools or Postman to exercise the mobile responsive path on a server.

Bot-friendly API testing

Identify your scraper as Googlebot when permitted, or as a real browser when needed.

Analytics QA

Verify that your analytics tool segments traffic into the expected device categories.

Frequently Asked Questions

Servers inspect it to serve mobile or desktop layouts, apply browser-specific CSS workarounds, segment analytics, gate features, and identify bots. Most of those uses are better handled with feature detection or Client Hints, but UA sniffing remains widespread.

In curl use -A or -H 'User-Agent: ...'. In fetch from Node use the headers option. Browser fetch in a page cannot override User-Agent due to security restrictions, but DevTools' Network conditions panel can spoof it for the whole tab.

Compatibility crud from the 1990s browser wars. Sites used to gate rich content on 'Mozilla' in the UA; every browser added the prefix to be served the modern version. Even Microsoft Edge, which has no Netscape ancestry, ships with it.

Generally yes for testing and personal browsing. For automated scraping, the legality depends on the site's terms of service, applicable computer-misuse laws, and whether you bypass technical protection measures. Read robots.txt and site terms before scraping.

Chrome's UA Reduction project replaced minor, build, and patch numbers with 0.0.0 starting around Chrome 100. The exact version is now exposed via Sec-CH-UA-Full-Version-List as a Client Hint, available only on origins that request it.

A standard that splits the UA into structured request headers (Sec-CH-UA, Sec-CH-UA-Mobile, Sec-CH-UA-Platform). Servers opt in by sending Accept-CH; browsers respond with the requested hints. Chrome supports them widely; other browsers are catching up.

Sometimes. TLS fingerprinting (JA3), HTTP/2 stream priorities, navigator-property mismatches (your UA says iPhone but window dimensions say desktop), and timing patterns can all expose a spoof. UA alone is easy to fake, which is why bot-detection systems combine signals.

No. They are pinned to recent stable versions at the time of writing. Browser UAs change with each release, and Chrome's UA Reduction makes most version digits trail at 0. For real production use, check the latest UA against a reference site.

Almost never. Use feature detection ('css' in window, 'IntersectionObserver' in window) instead. Sniffing fails when users update browsers, when extensions tamper with UA, and when new engines appear. Sniff only for analytics aggregation and graceful degradation.

No. The page reads navigator.userAgent locally and copies hard-coded strings to your clipboard. No analytics, no logs, no upload.