The Sec-CH-UA-Form-Factors client hint (new HTTP header)
Starting from Chrome 124, Chrome will support a new client hint: Sec-CH-UA-Form-Factors. This client hint is part of the privacy sandbox project. It is not sent by default, as it is considered a high-entropy hint. Thus, this new feature has no impact unless a site requests the hint (cf. section below).
It describes how the user interacts with the browser/device, e.g. through a desktop device, through a watch or even through an automotive device. For the moment, the possible values listed in the specs are the following: "Desktop", "Automotive", "Mobile", "Tablet", "XR", "EInk", or "Watch".

What’s the purpose of this new client hint?
The Sec-CH-UA-Form-Factors client hint aims to help websites customize resources and the presentation based on the type of devices used by the user to provide a better user experience. It helps websites to avoid using fragile user-agent detection based on the user-agent string.

When will Sec-CH-UA-Form-Factors be available?
It will be released in Google Chrome 124 on desktop, mobile, and webview. Note that it has been in dev trial since Chrome 122 behind the ClientHintsFormFactor flag, so you might see Chrome browsers older than version 124 with this header.

Is there any fingerprinting/privacy risk linked to this client hint?
As usual, Google conducted a privacy/fingerprinting impact study before delivering these kinds of features. Even though it is considered a high-entropy hint, and therefore is not sent by default, Google concluded that there’s no risk of active fingerprinting as “the factors can already be retrieved from the user agent.”

As a website, how can I collect the value of this new header?
You have two possibilities to collect the value of Sec-CH-UA-Form-Factors:
1. Include Sec-CH-UA-Form-Factors in the Accept-CH HTTP response header by doing the following: Accept-CH: Sec-CH-UA-Form-Factors
2. Call NavigatorUAData.getHighEntropyValues with "formFactor" included in the hints argument.
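
Server-side handling of the first option, as an added example that is not from the original article: it treats the received value as untrusted input and validates it against the form factors the article lists. It assumes the header arrives as a comma-separated list of double-quoted strings; the names parseFormFactors, KNOWN_FORM_FACTORS and OPT_IN_HEADERS are illustrative.

```javascript
// Added example, not from the article. Values below are the ones the article lists.
const KNOWN_FORM_FACTORS = new Set([
  "Desktop", "Automotive", "Mobile", "Tablet", "XR", "EInk", "Watch",
]);

// Response header that opts in to the hint (as given in the article).
const OPT_IN_HEADERS = { "Accept-CH": "Sec-CH-UA-Form-Factors" };

// One list member: a double-quoted string of printable ASCII with no
// quote or backslash (none of the known values needs escaping).
const QUOTED = /^"([\x20\x21\x23-\x5b\x5d-\x7e]*)"$/;

// Parse a raw Sec-CH-UA-Form-Factors value such as `"Mobile", "XR"`.
// Fails closed: anything that is not a clean list of quoted strings is
// reported as malformed instead of being guessed at.
function parseFormFactors(headerValue) {
  const out = { present: false, values: [], unknown: [], malformed: false };
  if (typeof headerValue !== "string" || headerValue.trim() === "") {
    return out; // hint absent: expected unless the site opted in
  }
  out.present = true;
  for (const part of headerValue.split(",")) {
    const m = QUOTED.exec(part.trim());
    if (!m) {
      out.malformed = true;
      continue;
    }
    // Values are compared case-sensitively against the listed set.
    const bucket = KNOWN_FORM_FACTORS.has(m[1]) ? out.values : out.unknown;
    if (!bucket.includes(m[1])) bucket.push(m[1]);
  }
  return out;
}

// Constructed sample header values (not captured traffic).
const SAMPLES = [
  '"Desktop"',
  '"Mobile", "XR"',
  '"mobile"',           // wrong case: not a value from the list
  'Tablet',             // unquoted token: malformed
  '"Watch", "Toaster"', // one listed value, one unlisted value
];

for (const s of SAMPLES) {
  console.log(JSON.stringify(s), "->", JSON.stringify(parseFormFactors(s)));
}
```

Unknown or malformed values are worth logging next to the user-agent string, since the hint is client-supplied and can be set to anything.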