Skip to main content

Client Hints (sec-ch-ua)

Modern browsers (Chromium) send a sec-ch-ua-* header block describing brand, version, platform.

Category: WAF Evasion 🎯 Trench — Modern browsers (Chromium) send a sec-ch-ua-* header block describing brand, version, platform. If your User-Agent says Chrome 120 but you don’t send sec-ch-ua: "Chromium";v="120", the WAF detects asymmetry. 🔗 Kill chain — Lateral User-Agent validation. The contract that closes the browser identity loop. 📡 Defensive footprint — Any tier-1 WAF (Cloudflare, Akamai, F5) cross-references User-Agent ↔ Client Hints ↔ JA3. ⚠️ False friend — Faking only User-Agent and Accept-Language. Hand-rolled scripts forget Client Hints, sec-fetch-*, and header order. 🛡️ Remediation (offensive) — Use real browsers or tools that replicate the entire ecosystem.
Back to the full glossary Last updated: 2026-06-11