MWM
Contact salesMWM AI
Attribution & Measurement

User Agent

Also known asUser-Agent StringUA String

A text string a browser or app sends with each HTTP request that describes the device, operating system, and software — used as one signal in probabilistic attribution and fingerprinting.

Key takeaways

  1. 01A user-agent string is metadata sent with HTTP requests identifying the device model, OS version, and browser/app making the request.
  2. 02In attribution it's one of the signals (with IP and timestamp) used for probabilistic matching when a device ID isn't available.
  3. 03It's easily spoofed, which is why UA-based signals are treated as probabilistic, not deterministic — and why fraudsters use fake UAs.
  4. 04Apple and Google have been "freezing" / reducing UA detail to limit fingerprinting, mirroring the broader privacy shift.

A user agent is a string of text that a browser or app includes in every HTTP request, describing the software and device making the request — for example the OS, OS version, device model, and browser engine. It's a standard part of how web traffic identifies itself to servers.

The user agent in attribution

When a deterministic [[device-id]] isn't available (the common case post-[[att]]), attribution falls back to [[probabilistic-attribution]]: matching an ad click to an install using a combination of IP address, timestamp, and the user-agent string. The UA contributes device/OS detail that narrows the match. Because none of these signals is a stable unique ID, the result is a statistical probability, not a certainty.

Spoofing and privacy. Because the UA is self-reported, it can be trivially faked — fraud farms rotate fake user agents to disguise [[bot-traffic]], and [[fingerprinting]] uses the UA as one input. In response, Apple and Google have been reducing UA granularity (UA "freezing"/reduction) to limit cross-site fingerprinting, consistent with the wider move away from trackable signals.

Quick answers

What is a user-agent string?

A user-agent string is text sent with every HTTP request that describes the client making it — the browser or app, its version, the operating system, and often the device model. Servers read it to adapt responses and, in advertising, to help characterize traffic. It's self-reported, so it can be inaccurate or deliberately faked.

How is the user agent used in attribution?

As one signal in probabilistic attribution. When a device ID like the IDFA isn't available, MMPs estimate the match between an ad click and an install using IP address + timestamp + user-agent. The UA adds device/OS detail to narrow the candidate set, but because it isn't a unique stable ID the match is a probability, not a deterministic 1:1 link.

Can a user agent be faked?

Yes — the user agent is self-reported text, so any client can send whatever string it wants. Legitimate uses exist (testing, compatibility), but fraudsters rotate fake user agents to disguise bot traffic and evade detection. This is exactly why UA-derived attribution is treated as probabilistic and is paired with other anti-fraud signals.

Next reads

Back to glossary