Why does Chrome use sec-ch-ua: "\"Not\\A;Brand";v="99"?
I understand that making user-agent hints more ambiguous is intended, in part, to make browser fingerprinting harder.
My own (Windows desktop) Chrome sends the headers:
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
sec-ch-ua: "Chromium";v="86", "\"Not\\A;Brand";v="99", "Google Chrome";v="86"
sec-ch-ua-mobile: ?0
What I don't get is:
- Why the string "Not A Brand" specifically? Does anyone else use this pseudo-UA? Is this a joke of some sort?
- Why the
\"
and\\A;
inside the string? My only guess is that this is supposed to mess with parsers somehow (like the anti-IE hacks in CSS), but that seems like a rather odd purpose — and IIRC,\A
is the bell character. - How is this supposed to accomplish user-agent hint ambiguity, given that it also sends the full
user-agent
header, which has the specific version numbers? - While at it: why does Chrome's user-agent also claim to be Mozilla, AppleWebKit, and Safari? It isn't, and this
user-agent
string is distinctively Chrome's. Does it have some sort of embedded components from those other browsers?
It seems that it's part of Chromium's GREASEing strategy:
User agents' brands containing more than a single entry could encourage standardized processing of the UA string. By randomly including additional, intentionally incorrect, comma-separated entries with arbitrary ordering, they would reduce the chance that we ossify on a few required strings.
Looking at the Chromium repository, it seems that it was introduced in this commit
The commit description given is:
[client-hints] GREASEing the Sec-CH-UA list
Randomizing order and string with escaped characters to ensure proper
parsing and prevent ossification.
It also links to this ticket in the bug tracker.