Viewable With ANY Browser

Note: My Web pages are best viewed with style sheets enabled.


Browser Sniffing:
Detecting It, Dealing With It, and Defeating It

Copyright © 2010, 2011, 2016, 2018, 2024 by David E. Ross

When you tried to view a Web page …

All of these — and other anomalies — are symptoms of browser sniffing. Sniffing is a method by which a Web server determines what browser you are using. Problems with developing Web sites with sniffing are detailed under Sniffing in my "Professional" Web Developers. A well-designed Web page that complies with internationally recognized specifications published by the non-profit World Wide Web Consortium (W3C) and that addresses the recommendations of the Viewable With Any Browser Campaign should not require sniffing.

Unfortunately, too many Web developers create poorly designed pages that fail to comply with the specifications. Instead, Web developers often attempt to enhance Web pages by taking advantage of non-standard capabilities of various browsers. To accomplish this, a developer must create multiple versions of each Web page and then sniff for your browser in order to send you the correct version of the page. Frequently, the implementation of sniffing is incomplete — omitting some browsers — or otherwise incorrect. For example, if you are using a browser that the Web developer did not anticipate, the result can be unreadable garbage.

*** Begin Right Sidebar ***

On this page, some terms appear in bold where they are first used. The meaning of those terms should be clear from that first use.

The first use of other terms are links to pages where they are either defined or discussed in sufficient detail to make their meanings clear. Where those links are to my Internet Glossary, the page will appear either in a new window or a separate tab.

Some of this page's content is quite technical. If you don't understand it, contact me for help.

*** End Right Sidebar ***

Detecting Browser Sniffing

Dealing with Incorrect Browser Sniffing

Defeating Browser Sniffing

Detecting Browser Sniffing

Conclusively detecting whether a Web server is sniffing might be difficult.

Dealing with Incorrect Browser Sniffing

The most important thing to remember when you encounter incorrect sniffing is that your browser is not broken. Instead, the problem lies within the Web page. Thus, you must communicate the problem back to the Web site's developer and owner.

Defeating Browser Sniffing

The following is oriented towards Gecko-based browsers. It is based on my own use of SeaMonkey 2.49.4. However, some other browsers might have features that could make this information somewhat useful.

Gecko-based browsers can spoof other browsers by sending fake UA strings. Unless a Web site requires specialized applications peculiar to only one browser (e.g., ActiveX used by IE), spoofing is usually successful in defeating incorrect sniffing. This capability is especially important for Gecko-based, non-Firefox browsers. Many sniffing Web sites that work correctly for Firefox fail to work for other Gecko-based browsers because those sites wrongly sniff for Firefox instead of Gecko.

Note: In general, users should NOT spoof by changing their UA string via setting a browser's preference variables. This can result in a permanent spoof, which will hide the true identity of your browser. In the end, Web developers will then claim your browser never visits their Web sites and thus they don't have to accommodate your browser when sniffing.

With SeaMonkey 2.1, a new feature — Advertise Firefox compatibility — automatically spoofs Firefox in all cases. This feature is controlled by a preference checkbox, which by default enables this permanent spoofing. I have disabled it.

Users can install a browser extension that can temporarily change your UA string for spoofing. Two such extensions are PrefBar and UserAgentSwitcher. Both of these are easy to use. Changing and inserting new UA strings in these extensions is not difficult. Both also have the feature that, if you forget to do so, they restore your true UA string when you terminate and then relaunch your browser.

Sources of UA strings to add to the spoofing capabilities of PrefBar and UserAgentSwitcher all seem to be so old as to be obsolete. For my own use, I download my ISP's log of visits to my Web site. I then search the log for UA strings that are more recent than those I am already using, liminting the search to UA strings for Firefox, Edge, Internet Explorer 11, Opera, Chrome, and Safari.

My browser is SeaMonkey. I use PrefBar for spoofing, primarily because I already have the PrefBar extension installed for other uses. While I have it setup to truly spoof Firefox without any mention of SeaMonkey, I usually have PrefBar spoof with the UA string

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 SeaMonkey/2.49.4, NOT Firefox/63.0
at the time this was written. Note carefully what this UA string says: "This is really SeaMonkey and not Firefox." This successfully spoofs Firefox because sniffing almost always looks for merely a fragment of a string (Firefox in this case) and does not parse and evaluate the entire UA string (thus ignoring the NOT). This does not hide the true identity of my browser. In a few cases, I successfully argued with a Web developer that sniffing for Firefox was wrong by having him look at his server log, which showed that I actually used SeaMonkey.

Some Web sites, however, do some parsing when sniffing. For example, Micro$oft's Get Silverlight looks for Firefox to be the first non-numeric string after Gecko. In this case, it is necessary to spoof with something like

Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Firefox/63.0 (NOT - it's really SeaMonkey! Stop browser sniffing) SeaMonkey/2.49.4

In some sniffing cases, it becomes necessary to omit any mention of a non-Firefox browser. Both PrefBar and UserAgentSwitcher have the capability of maintaining lists of spoofs — including user-created UA strings that do not mention the actual browser — so that the user can choose whichever spoof is appropriate for a given sniffing situation.

A copy of my PrefBar inputs for spoofing UA strings is available as a file named UA_spoof.btn. To install this in PrefBar:

Updated 12 January 2024

Valid HTML 4.01