How to enforce the client hints user-agent headers from Proxy

Article ID: 435659

Products

ProxySG Software - SGOS

Issue/Introduction

Client Hints are a set of HTTP headers and a JavaScript API that allow web browsers to send detailed information about the client device and browser to web servers. They are designed to be a successor to User-Agent, and provide a standardized way for web servers to optimize content for the client without relying on unreliable user-agent string-based detection or browser fingerprinting techniques.

A ProxySG administrator may want to use the Accept-CH HTTP response header to make user agents that support client hints send the Sec-CH-UA-Full-Version-List HTTP request header, which provides the user agent's branding and full version information.

When the user agent sends these granular details, more advanced checks can be performed at the proxy than with the current User-Agent HTTP header, which is less reliable and easily spoofed.

Environment

ProxySG.

VPM.

Resolution

Create a rule under the Web Access Layer (source: any; destination: any) where the action sets the 'Accept-CH' HTTP header to 'Sec-CH-UA-Full-Version-List'.

Once applied, developer tools can be used to confirm the response header is set correctly. The following screenshot also shows a sample request header containing the user-agent (major, minor, build and patch) version details.
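The kind of check these headers make possible, as an added example in Python (not part of the original article and not ProxySG policy code): it confirms that an Accept-CH response value requests the hint, then parses a Sec-CH-UA-Full-Version-List request value into per-brand (major, minor, build, patch) tuples and compares them with a minimum version. The function names, header values and minimum version are constructed for illustration.

```python
import re

HINT = "Sec-CH-UA-Full-Version-List"

# One list member looks like "<brand>";v="<version>". Brands may contain
# characters such as ';' or ':' (browsers add deliberately odd placeholder brands).
_MEMBER = re.compile(r'"((?:[^"\\]|\\.)*)"\s*;\s*v="((?:[^"\\]|\\.)*)"')


def accept_ch_requests_hint(accept_ch_value, hint=HINT):
    """True if the Accept-CH response header value lists the hint.

    HTTP field names are case-insensitive, so compare lower-cased tokens."""
    tokens = [t.strip().lower() for t in accept_ch_value.split(",")]
    return hint.lower() in tokens


def parse_full_version_list(value):
    """Return {brand: (major, minor, build, patch)} for each well-formed member."""
    brands = {}
    for brand, version in _MEMBER.findall(value):
        brand = re.sub(r"\\(.)", r"\1", brand)      # undo backslash escapes
        parts = version.split(".")
        if not all(p.isdigit() for p in parts):
            continue                                # skip malformed versions, do not guess
        nums = tuple(int(p) for p in parts)
        brands[brand] = (nums + (0, 0, 0, 0))[:4]   # pad short versions to four fields
    return brands


def meets_minimum(value, brand, minimum):
    """True only if the named brand is present and its version is >= minimum."""
    versions = parse_full_version_list(value)
    return brand in versions and versions[brand] >= minimum


# Constructed sample values (not captured from a real session).
SAMPLE_ACCEPT_CH = "Sec-CH-UA-Full-Version-List"
SAMPLE_REQUEST = ('"Chromium";v="120.0.6099.110", "Not;A Brand";v="8.0.0.0", '
                  '"Google Chrome";v="120.0.6099.110"')

if __name__ == "__main__":
    print("hint requested:", accept_ch_requests_hint(SAMPLE_ACCEPT_CH))
    for name, ver in parse_full_version_list(SAMPLE_REQUEST).items():
        print(f"{name}: {ver}")
    print("meets policy:", meets_minimum(SAMPLE_REQUEST, "Google Chrome", (120, 0, 6099, 100)))
```

A user agent that does not support client hints sends no such header, so a policy built on this check has to decide explicitly how to treat a missing or unparseable value.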