Client Hints is a new feature that Google first introduced in the Chrome browser; it was later adopted by other browsers and included in the HTTP specifications. Client Hints was developed to make responsive web content easier and faster to deliver, and to let webmasters write less markup.
Client Hints are passed to the server in HTTP request headers and allow the server to decide the best layout for delivering content to the browser. The client (web browser) provides its specifications to the server when it requests content such as images. As Client Hints are new, not all servers accept them by default, and they must be enabled. Also, not all browsers support Client Hints, so the server has to be configured to accept specific client hints.
The current implementation uses the User-Agent (UA) string to learn what browser a client is using. However, the User-Agent has been in use for quite some time, and the string has grown to include information about the operating system, browser and version, device type, and more. The User-Agent string has not been formally standardized, so parsing it to learn the exact specification of the browser is impossible, and hence Client Hints were developed.
What is User Agent?
The User Agent is the string sent by the browser as an HTTP request header when making a request to the server. It is sent with every HTTP request and identifies the client. Each web browser provides a built-in User-Agent string, and this value can be changed by the user. Since it can be changed arbitrarily, it cannot be fully trusted, as the user may fake this value.
What are Client Hints?
Client Hints are a set of HTTP request headers that are sent to the server when making a request. There are a variety of Client Hints headers, and more are being developed. The goal of using Client Hints is to let the server know the client's display details so that the server can provide the best content that the browser can process. Not all client hints are used, so it is the webmaster's choice which client hints the server wants to process. Client Hints only work over HTTPS, so your domain must serve content over secure HTTP to use them. The following are a few popular client hints that are used:
The server lets the client know that it accepts Client Hints by sending the Accept-CH header or by including it in a meta tag. The following two methods are used to let clients know:
Accept-CH: DPR, Viewport-Width, Width, Downlink
<meta http-equiv="Accept-CH" content="DPR, Viewport-Width, Width, Downlink">
Notice that the value of Accept-CH is a comma-separated list of the client hints the site will use. Upon receipt of the header, the client knows which client hints the server wants. Please note that Client Hints only work over HTTPS.
There are also User-Agent Client Hints, which expand the range of properties with the Sec-CH-UA prefix and can be specified via the Accept-CH response header. Here are examples of some User-Agent Client Hints:
Sec-CH-UA: "Chromium";v="84", "Google Chrome";v="84"
Sec-CH-UA-Model: "Galaxy S20"
Client Hints and Privacy Concerns
Client hints provide very specific information about the browser, which can be used to identify the user. Once client hints are enabled, they are enabled across the entire domain and its subdomains, as well as for third parties involved in the request. A third party with bad intentions can combine client hints with the IP address to identify the user, and this becomes a privacy issue because the user may be traced. There are some implementation details that can help reduce the privacy issues, and they are offered by the HTTP Working Group.
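The server side of the Accept-CH exchange described above, as an added example in JavaScript that is not part of the original article: it advertises only an allow list of hints, and only over HTTPS, and it parses Sec-CH-UA strictly because the header is client-supplied, just like User-Agent. The function names, the contents of the allow list and the 512-character cap are assumptions.

```javascript
// Added example: function names, allow list and length cap are assumptions.
const ALLOWED_HINTS = new Set(["DPR", "Viewport-Width", "Width", "Downlink"]);
const MAX_HEADER_LEN = 512; // assumed cap on client-controlled input

// Value for the Accept-CH response header, or null when the request was not
// HTTPS or nothing requested is on the allow list (so no hint is advertised).
function acceptChHeader(wanted, isHttps) {
  if (!isHttps) return null;
  const hints = wanted.filter((h) => ALLOWED_HINTS.has(h));
  return hints.length > 0 ? hints.join(", ") : null;
}

// One quoted string: printable ASCII, with \" and \\ as the only escapes.
const STR = String.raw`"((?:[\x20\x21\x23-\x5b\x5d-\x7e]|\\["\\])*)"`;
// One list member: "brand";v="version", then a comma or the end of input.
const ITEM = new RegExp(String.raw`[ \t]*${STR}; *v=${STR}[ \t]*(,|$)`, "y");

const unquote = (s) => s.replace(/\\(["\\])/g, "$1");

// Parse a Sec-CH-UA value into [{ brand, version }]. The header is sent by
// the client, so anything malformed or oversized yields [] rather than a guess.
function parseSecChUa(value) {
  if (typeof value !== "string" || value.length > MAX_HEADER_LEN) return [];
  const brands = [];
  let pos = 0;
  let more = true;
  while (more) {
    ITEM.lastIndex = pos;
    const m = ITEM.exec(value);
    if (m === null) return [];
    brands.push({ brand: unquote(m[1]), version: unquote(m[2]) });
    pos = ITEM.lastIndex;
    more = m[3] === ","; // a trailing comma fails on the next iteration
  }
  return brands;
}

// Constructed sample input, using the header value shown in the article.
const sample = '"Chromium";v="84", "Google Chrome";v="84"';
console.log(acceptChHeader(["DPR", "Width", "Sec-CH-UA-Model"], true));
console.log(parseSecChUa(sample));
```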
Client Hints were developed to help the server identify the browser and provide the most responsive content. They solve some of the problems of User-Agent, and were first introduced in Google Chrome and later adopted by other browsers and included in the HTTP specifications. Since Client Hints are still being developed, and not all servers and clients support them, it will take some time for them to become widely used.