Chrome为什么要使用sec-ch-ua:"\" Not \\ A; Brand"; v ="99"? [英] Why does Chrome use sec-ch-ua: "\"Not\\A;Brand";v="99"?
问题描述
我了解到,使用户代理提示更加模棱两可的部分原因是,使浏览器指纹识别更加困难.
I understand that making user-agent hints more ambiguous is intended, in part, to make browser fingerprinting harder.
我自己的(Windows桌面)Chrome发送标头:
My own (Windows desktop) Chrome sends the headers:
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36
sec-ch-ua: "Chromium";v="86", "\"Not\\A;Brand";v="99", "Google Chrome";v="86"
sec-ch-ua-mobile: ?0
我没有得到的是:
- 为什么字符串"Not A Brand"具体来说?是否还有其他人使用此伪UA?这是个玩笑吗?
- 为什么在字符串内使用
\"
和\\ A;
?我唯一的猜测是,它应该以某种方式与解析器混淆(例如CSS中的反IE hacks),但这似乎是一个很奇怪的目的— IIRC,\ A
是响铃字符. - 考虑到还发送完整的
user-agent
标头(具有特定的版本号),这应该如何实现用户代理提示含糊? - 与此同时:为什么Chrome的用户代理还声称是Mozilla,AppleWebKit和Safari?并非如此,并且这个
user-agent
字符串是Chrome的独特字符串.它是否具有其他浏览器提供的某种嵌入式组件?
- Why the string "Not A Brand" specifically? Does anyone else use this pseudo-UA? Is this a joke of some sort?
- Why the
\"
and\\A;
inside the string? My only guess is that this is supposed to mess with parsers somehow (like the anti-IE hacks in CSS), but that seems like a rather odd purpose — and IIRC,\A
is the bell character. - How is this supposed to accomplish user-agent hint ambiguity, given that it also sends the full
user-agent
header, which has the specific version numbers? - While at it: why does Chrome's user-agent also claim to be Mozilla, AppleWebKit, and Safari? It isn't, and this
user-agent
string is distinctively Chrome's. Does it have some sort of embedded components from those other browsers?
推荐答案
似乎它是Chromium的润滑策略:
It seems that it's part of Chromium's GREASEing strategy:
包含多个条目的用户代理品牌可能会鼓励对UA字符串进行标准化处理.通过随机包含其他,有意不正确的,以任意顺序排序的逗号分隔条目,它们将减少我们在一些必需的字符串上僵化的机会.
User agents' brands containing more than a single entry could encourage standardized processing of the UA string. By randomly including additional, intentionally incorrect, comma-separated entries with arbitrary ordering, they would reduce the chance that we ossify on a few required strings.
查看Chromium存储库,它似乎是在此提交中引入的
给出的提交描述是:
[client-hints] GREASEing the Sec-CH-UA list
Randomizing order and string with escaped characters to ensure proper
parsing and prevent ossification.
它还链接到错误跟踪器中的此票证
It also links to this ticket in the bug tracker.
这篇关于Chrome为什么要使用sec-ch-ua:"\" Not \\ A; Brand"; v ="99"?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!