We seek to align our implementation of GREASE in User Agent Client Hints with the current spec, which includes additional GREASE characters beyond the current semicolon and space, and which recommends varying the arbitrary version. This is to help prevent bad assumptions from being built on top of User-Agent strings.

Motivation

User-Agent GREASE is intended to discourage arbitrary user agent blocklists and other assumptions being built on top of the User-Agent header. A similar concept exists in TLS. This practice is currently implemented in Chromium, but today’s implementation differs slightly from the current spec. If implemented, this proposal would enable additional GREASE characters (the full list includes the following ASCII characters: 0x20 (SP), 0x28 (left parenthesis), 0x29 (right parenthesis), 0x2D (-), 0x2E (.), 0x2F (/), 0x3A (:), 0x3B (;), 0x3D (=), 0x3F (?), 0x5F (_)) and vary the arbitrary version over time. Note that the GREASE portion of the header would remain constant per major version, in accordance with the spec.

Specification

Specification link


Specification currently under development in a Working Group

Status in Chromium

Privacy>Fingerprinting


Proposed (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • Non-harmful
  • No signal
  • No signals

Owners

Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-11-26