Parse user agent strings to detect browser, OS, device type, and bots. Analyze Chrome, Firefox, Safari, and Googlebot user agents instantly. Free tool.
A User-Agent string is the dense identifier a client sends with every HTTP request. This tool decodes one into its meaningful parts:
For historical compatibility reasons, nearly every browser still claims to be "Mozilla/5.0," and many include tokens like "like Gecko" or "Safari" that they are not. Parsing reliably means knowing which substrings actually identify the engine and which are legacy cruft. The parser handles that so you do not have to memorize the quirks.
A User-Agent is client-supplied and trivially spoofed. Bots routinely impersonate Googlebot or a normal Chrome browser. Treat parsed output as a hint, not proof of identity — for verifying a real crawler you need reverse-DNS or published IP ranges, not the string alone. Modern browsers are also freezing and reducing UA detail (Client Hints), so device specifics are increasingly coarse.
Parsing happens in your browser, so any log lines you paste in stay on your machine.
Decode user agent strings to identify browser, OS, device type, and bot status.
Analytics debugging, bot detection, device-specific testing.
Understanding bot traffic is essential for security, analytics, and resource management. Here's how to identify different types of automated traffic.
Search engine crawlers identify themselves clearly:
| Bot | User Agent Contains | Purpose |
|---|---|---|
| Googlebot | Googlebot | Google search indexing |
| Bingbot | bingbot | Bing search indexing |
| Slurp | Slurp | Yahoo search indexing |
| DuckDuckBot | DuckDuckBot | DuckDuckGo indexing |
| facebookexternalhit | facebookexternalhit | Facebook link previews |
| Twitterbot | Twitterbot | Twitter card generation |
Watch for these red flags:
python-requests/2.x or curl/7.xScrapy, HTTrack, wget# nginx example
if ($http_user_agent ~* (scrapy|wget|curl|python)) {
return 403;
}
Note: User agents can be spoofed. Use multiple signals for reliable bot detection.
User agent (UA) string is HTTP header sent by browsers/apps identifying themselves to servers. Format: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0.0.0". Contains: browser name and version (Chrome 120), rendering engine (AppleWebKit, Gecko, Trident), operating system (Windows 10, macOS, iOS, Android), device type (desktop, mobile, tablet), sometimes: language, architecture (64-bit), brand (Samsung, Apple). Used for: analytics, feature detection, mobile optimization, bot detection, browser support warnings. Note: UA strings can be spoofed - not fully reliable for security. This tool parses UA strings into structured, readable information.
Historical quirk from browser wars. Netscape Navigator called itself "Mozilla" (Mosaic Killer). Early websites checked "if contains Mozilla" to serve advanced features. Internet Explorer wanted those features, added "Mozilla/4.0 (compatible; MSIE)" to UA string. Other browsers followed to avoid being blocked. Result: all modern browsers claim "Mozilla/5.0" for compatibility even though Netscape is long dead. Shows browser evolution: Mozilla/5.0 (compatibility) → actual browser (Chrome, Safari, Firefox) → rendering engine (WebKit, Gecko). Legacy from 1990s web, persists for backward compatibility. Ignore "Mozilla/5.0", focus on actual browser identifier. This tool extracts real browser name despite Mozilla prefix.
Check for mobile indicators in UA: "Mobile", "Android", "iPhone", "iPad", "iPod", specific devices (Samsung, Huawei). Desktop: "Windows NT", "Macintosh", "Linux x86_64". Tablets: "iPad", "Android" without "Mobile". Example mobile: "Mozilla/5.0 (iPhone; CPU iPhone OS 16_0 like Mac OS X) ... Mobile/15E148". Better approach: use JavaScript: navigator.userAgentData (modern), window.matchMedia("(max-width: 768px)") (responsive), navigator.maxTouchPoints > 0 (touch device). Challenges: UA strings unreliable (spoofed, fragmented), new devices constantly added, tablets sometimes report as desktop. This tool detects device type from UA with fallback indicators for edge cases.
Rendering engine converts HTML/CSS/JS to visual page. WebKit: used by Safari, older Chrome, many mobile browsers. Open source (Apple). Blink: Google's fork of WebKit (2013), used by Chrome, Edge, Opera, Brave. Most popular. Gecko: Firefox and Mozilla products. Independent codebase. Trident: legacy Internet Explorer (deprecated). EdgeHTML: legacy Edge (deprecated). Differences affect: CSS rendering (subtle layout differences), JavaScript performance, supported web features. For developers: test across engines, feature detection over browser detection, use caniuse.com for compatibility. UA strings show engine: "AppleWebKit/537.36" or "Gecko/20100101". Modern sites use feature detection, not engine sniffing. This tool identifies rendering engine from UA string.
Bots identify themselves in UA strings: Googlebot: "Googlebot/2.1", Bingbot: "bingbot/2.0", other crawlers: "Slurp", "DuckDuckBot", "Baiduspider", "ia_archiver" (Internet Archive). Social bots: "facebookexternalhit", "Twitterbot", "LinkedInBot". Monitoring: "Pingdom", "UptimeRobot". Good bots identify honestly. Bad bots: spoof browser UA to avoid detection, high request rate, ignore robots.txt. Detection strategies: check UA for known bot patterns, verify with reverse DNS (Googlebot IPs), rate limiting, CAPTCHA for suspicious patterns, analyze behavior (no JS execution, no image loading). Whitelist known good bots, block/throttle suspicious ones. This tool highlights bot identifiers in UA strings and provides bot detection patterns.
No - use feature detection instead of UA sniffing. Problems with UA: unreliable (can be spoofed), fragmented (thousands of variations), outdated quickly (new browsers, versions), doesn't detect actual capabilities. Better approach: JavaScript feature detection: "if ('geolocation' in navigator)", Modernizr library, @supports in CSS, progressive enhancement. Example: instead of "if UA contains Chrome", use "if ('IntersectionObserver' in window)". UA useful for: analytics (understanding user demographics), debugging (reproducing issues), serving different assets (mobile vs desktop HTML), blocking known bad bots. Use UA for stats, not for functionality decisions. This tool parses UA for analysis, not as replacement for feature detection.
User-Agent Client Hints (UA-CH) is modern replacement for UA strings. Instead of full string, server requests specific hints via headers: Sec-CH-UA (browser), Sec-CH-UA-Platform (OS), Sec-CH-UA-Mobile (mobile flag). Benefits: privacy (less fingerprinting), opt-in (server requests what it needs), structured (not parsing strings). Request hints: Accept-CH: Sec-CH-UA-Platform-Version (server header). JavaScript: navigator.userAgentData.getHighEntropyValues(["platform"]). Adoption: Chrome/Edge support (2021+), Firefox/Safari gradual adoption, UA string deprecated but remains for legacy. Migration: support both UA-CH and traditional UA parsing during transition. This tool parses traditional UA strings with note about UA-CH migration.
Spoofing = sending fake UA string. Reasons: privacy (avoid tracking), bypass restrictions (access desktop site on mobile), scraping (avoid bot detection), automated testing, emulation. Techniques: browser developer tools (change UA), browser extensions, curl/wget --user-agent flag, headless browsers (Puppeteer, Selenium). Detection: behavior analysis (bot-like patterns), canvas fingerprinting, TLS fingerprinting, JavaScript challenges, honeypot fields. Privacy tools: Tor Browser (standardized UA), Brave (reduced fingerprinting), privacy extensions randomize UA. For websites: don't rely solely on UA for security, combine with other signals, respect privacy settings. This tool shows what UA string reveals, highlighting privacy implications.