The Sec-CH-UA-Form-Factors client hint (new http header)

Starting from Chrome 124, Chrome will support a new client hint: Sec-CH-UA-Form-Factors.

This client hint is part of the privacy sandbox project. It is not sent by default, as it is considered a high-entropy hint. Thus, this new feature has no impact unless a site requests the hint (cf section below).

It describes how the user interacts with the browser/device, e.g through a desktop device, through a watch or even through an automotive device. For the moment, the possible values listed in the specs are the following: "Desktop", "Automotive", "Mobile", "Tablet", "XR", "EInk", or "Watch”:
  • "Desktop" refers to a browser running on a personal computer.
  • "Automotive" refers to a browser embedded in a vehicle.
  • "Tablet" refers to a touch-oriented device larger than a mobile device.
  • What’s the purpose of this new client hint?

    The Sec-CH-UA-Form-Factors client hint aims to help websites customize resources and the presentation based on the type of devices used by the user to provide a better user experience. It helps websites to avoid using fragile user-agent detection based on the user-agent string.

    When will Sec-CH-UA-Form-Factors be available?

    It will be released in Google Chrome 124, both on desktop, mobile, and webview. Note that it was in dev trial since Chrome 122 behind the ClientHintsFormFactor flag, so you might see Chrome browsers older than version 124 with this header.

    Is there any fingerprinting/privacy risk linked to this client hint?

    As usual, Google conducted a privacy/fingerprinting impact study before delivering these kinds of features. Even though it is considered a high-entropy hint, and therefore is not sent by default, Google concluded that there’s no risk of active fingerprinting as “the factors can already be retrieved from the user agent.”

    As a website, how can I collect the value of this new header?

    You have two possibilities to collect the value of Sec-CH-UA-Form-Factor:

    1. On the server-side you can include Sec-CH-UA-Form-Factor in the Accept-CH HTTP response header by doing the following:. Accept-CH: Sec-CH-UA-Form-Factors
    2. On the client side, you can obtain it using NavigatorUAData.getHighEntropyValues with "formFactor" included in the hints argument.