Client Hints (sec-ch-ua)
Modern browsers (Chromium) send a sec-ch-ua-* header block describing brand, version, platform.
Category: WAF Evasion 🎯 Trench — Modern browsers (Chromium) send asec-ch-ua-*
header block describing brand, version, platform. If your
User-Agent says Chrome 120 but you don’t send
sec-ch-ua: "Chromium";v="120", the WAF detects asymmetry.
🔗 Kill chain — Lateral User-Agent validation. The contract
that closes the browser identity loop.
📡 Defensive footprint — Any tier-1 WAF (Cloudflare, Akamai,
F5) cross-references User-Agent ↔ Client Hints ↔ JA3.
⚠️ False friend — Faking only User-Agent and Accept-Language.
Hand-rolled scripts forget Client Hints, sec-fetch-*, and header
order.
🛡️ Remediation (offensive) — Use real browsers or tools that
replicate the entire ecosystem.
← Back to the full glossary Last updated: 2026-06-11