Field values

Output fields

The resulting output fields can be classified into several categories:

  • The Device: The hardware that was used.
  • The Operating System: The base software that runs on the hardware
  • The Layout Engine: The underlying core that converts the ‘HTML’ into a visual/interactive
  • The Agent: The actual “Browser” that was used.
  • Extra fields: In some cases we have additional fields to describe the agent. These fields are among others specific fields for the Facebook and Kobo apps, and fields to describe deliberate useragent manipulation situations (Anonymization, Hackers, etc.)

Note that not all fields are always available. So if you look at a specific field you will in general find null values and “Unknown” in there as well.

There are as little as possible lookup tables included the system really tries to analyze the useragent and extract values from it. The aim of this approach is to have a system that can classify as much traffic as possible yet require as little as possible maintenance because all versions and in many places also the names of the used components are extracted without knowing them beforehand.

Values explained

Note about the Hacker classification:

Security scanning tools (like nmap, nessus and openvas) are also classified as Hacker. My reasoning is that it is a system that someone uses to find security problems. With tools like this it is clear it is not a normal visitor that is interested in the content of the website. What is uncertain is the reason behind this: is it to fix problems or to abuse them? So I classify all of them as hacking oriented tools. |


DesktopThe device is assessed as a Desktop/Laptop class device
AnonymizedIn some cases the useragent has been altered by anonymization software
UnknownWe really don’t know, these are usually useragents that look normal yet contain almost no information about the device
MobileA device that is mobile yet we do not know if it is a eReader/Tablet/Phone or Watch
TabletA mobile device with a rather large screen (common > 7")
PhoneA mobile device with a small screen (common < 7")
WatchA mobile device with a tiny screen (common < 2"). Normally these are an additional screen for a phone/tablet type device.
Augmented RealityA mobile device with a AR capabilities (like Google Glass)
Virtual RealityA mobile device with a VR capabilities
eReaderSimilar to a Tablet yet in most cases with an eInk screen
Set-top boxA connected device that allows interacting via a TV sized screen
TVSimilar to Set-top box yet here this is built into the TV
Home ApplianceA (usally large) home appliance (like a Fridge)
Game Console‘Fixed’ game systems like the PlayStation and XBox
Handheld Game Console‘Mobile’ game systems like the 3DS
VoiceA voice driven device (i.e. ask a question and the page is read aloud). Like Alexa and Google Home.
Smart DisplayA smart speaker kind of device with a tablet sized screen built in (like Google Nest and Amazon Echo Home)
CarA Car based browser as found in for example the Tesla vehicles
RobotRobots that visit the site
Robot MobileRobots that visit the site indicating they want to be seen as a Mobile visitor
Robot ImitatorRobots that visit the site pretending they are robots like google, but they are not. Note that in most cases they ARE Robots.
CloudA cloud based application. Not a Robot or Hacker but a normal application that needs to connect. This includes for example Mastodon servers.
HackerIn case scripting is detected in the useragent string, also fallback in really broken situations


DesktopThe type of OS you would run on a Desktop or Laptop
MobileThe type of OS you would run on a Phone, Tablet or Watch
CloudLooks like a thing that runs in a cloud environment
EmbeddedApparently embedded into something like a TV
Game ConsoleA game console like PS4, Xbox
HackerA hacker, so it can really be anything.
AnonymizedIt was explicitly hidden
UnknownWe don’t know


BrowserA regular browser
Desktop AppA desktop app (often a PWA)
Mobile AppA mobile app which probably includes a regular webbrowser
HackerA hacker, so it can really be anything.
RobotA robot spidering the site
CloudA cloud based application where it is unclear what kind of layout engine is really used
SpecialSomething special we cannot fully classify
UnknownWe don’t know


BrowserA regular browser
Browser WebviewA regular browser being used as part of a mobile app
Desktop AppA desktop app (often a PWA)
Mobile AppA mobile app
RobotA robot that wants to be treated as a desktop device
Robot MobileA robot that wants to be treated as a mobile device
Cloud ApplicationSomething running in a cloud that is intended to be Human facing (so not a regular robot)
ServerSomething running in a cloud that is intended to be Server-to-Server (so not a regular robot)
Email ClientThis is an email application that did the request
VoiceA voice driven ‘browser’ (i.e. ask a question and the page is read aloud). Like Alexa and Google Home.
SpecialSomething special we cannot fully classify
TestclientA website testing tool
HackerA hacker, so it can really be anything.
UnknownWe don’t know


Weak securityIndicated to use deliberately weakened encryption (usually due to export restrictions or local laws).
Strong securityIndicated to use strong (normal) encryption.
UnknownIt was not specified (very common)
HackerA hacker, so it can really be anything.