User-Agent + cross-checks
measuring…
navigator.userAgent + navigator.platform + hardwareConcurrency + deviceMemory together encode 14–18 bits even before touching graphics or audio.
User-Agent
User-Agent test — what your browser claims to be
The User-Agent surface is the oldest signal in any browser fingerprint test — and still one of the most consequential. Pair it with
navigator.platform, hardwareConcurrency, deviceMemory, maxTouchPoints, and languages, and you have 14–18 bits of entropy before any graphics or audio probe runs.Live test
This card runs only the user-agent probe. To run all six fingerprint surfaces at once, use the full browser fingerprint test.
What is a User-Agent fingerprint?
What is a User-Agent fingerprint?
The User-Agent fingerprint is the bundle of identity-related properties exposed by navigator: the full userAgent string, platform, vendor, language, languages, hardwareConcurrency (CPU core count), deviceMemory (RAM in GB rounded down to power of two), maxTouchPoints, doNotTrack, and cookieEnabled. Each of these is read directly by every fingerprinting library.
How the test works
How the test works
The test reads each navigator property directly, hashes the concatenation, and runs one important cross-check: it compares the OS substring inside navigator.userAgent with navigator.userAgentData.platform. If the User-Agent says "Macintosh" but userAgentData says "Windows", that's a spoof signature visible to every WAF — and one of the easiest ways to mark a session as a bot.
How to spoof User-Agent consistently
How to spoof User-Agent consistently
The trap with User-Agent spoofing is that there are three places to lie: navigator.userAgent (JavaScript), navigator.userAgentData (JavaScript), and the HTTP User-Agent + Sec-CH-UA-* headers (network). All three must return identical platform / version / arch. Naive extensions only patch the first two; modern anti-bot stacks compare all three.
Browser Leaks Fingerprint Shield's Pro tier patches all three in lockstep using declarativeNetRequestWithHostAccess for the HTTP side and content-script overrides for the JavaScript side. The Strict preset additionally disguises every override so its .toString() returns native-code strings — defeating the standard detection check.
FAQ
User-Agent questions
Why does my User-Agent say "Mac OS X 10_15_7" if I'm on macOS 14?
Chrome's User-Agent Reduction caps the macOS version at 10_15_7 to mitigate fingerprinting, regardless of your real macOS version. Your real platform version is exposed via Sec-CH-UA-Platform-Version instead.
What is hardwareConcurrency?
navigator.hardwareConcurrency returns your CPU core count (logical, including hyperthreading). Real Apple Silicon Macs return 8/10/12/16; most Windows laptops return 8/12/16. The value alone encodes 2-3 bits of entropy.
What is deviceMemory?
navigator.deviceMemory returns your RAM rounded down to the nearest power of 2, capped at 8 to limit fingerprinting. Common values: 4, 8 — but the real underlying number can also be inferred via timing benchmarks.
Can I just spoof navigator.userAgent without the rest?
Technically yes, but it makes you more identifiable, not less. Any tracker comparing UA to userAgentData or to Sec-CH-UA HTTP headers detects the lie immediately. Consistent spoofing across all three surfaces is the only viable approach.
Run the full browser fingerprint test.
See your composite hash across all six surfaces — canvas, WebGL, audio, WebRTC, Client Hints, and User-Agent — in one click.
Open the browser fingerprint test →