-
Notifications
You must be signed in to change notification settings - Fork 3.1k
Detecting Brave (for Websites)
In general, it is not a privacy goal for the Brave browser to hide from websites that the user is using Brave. There are important caveats to this, see below.
On desktop and Android, Brave uses the same User Agent request header as Chrome for Web compatibility reasons. On iOS, Brave uses same User Agent as Safari except we also add Brave at the end of the string. In testing, we found that some websites broke on encountering an uncommon User Agent. We hide Brave on iOS in cases where there is website breakage or Brave is blocked or discriminated against. Historical note: we briefly experimented with using a User Agent string that added Brave/1 to Safari's, but found that that broke some websites; adding a plain Brave works better.
See https://github.com/brave/brave-browser/wiki/User-Agents.
We also expose Brave in the Sec-Ch-Ua header (except on iOS where client hints are not enabled). We disable sending Sec-Ch-Ua header in cases where there is website breakage or Brave is blocked or discriminated against.
If you want to detect Brave, please use the navigator.brave.isBrave() JavaScript API. We make this API unavailable in cases where there is website breakage or Brave is blocked or discriminated against.
Please let us know (on GitHub) if you see websites discriminating against Brave users. You can add example.com##+js(brave-fix) to your custom filters to prevent example.com (for example) from reading this JavaScript property.