The card above shows the browser name, version, rendering engine, and operating system your device reports to my server. Most of that information comes from a single HTTP header your browser sends with every request: the User-Agent string. Some of it is probed in JavaScript using the newer User-Agent Client Hints API. Below I explain the difference, why your browser version is the single most important number on this page for security, and the menu path to update each of the five browsers you are most likely on. I also share a debugging story that taught me to stop trusting the User-Agent string for anything more than display.
What this page detects about your browser
When your browser opened this page, it sent an HTTP request with several headers my server can read. The User-Agent header is the main one. A modern Chrome user agent looks like this:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/138.0.0.0 Safari/537.36From that one line I can extract: the operating system family (Windows), the architecture (64-bit), the rendering engine (Blink, identified as AppleWebKit for historical reasons), and the browser brand and version (Chrome 138). The card above parses these fields and labels them.
A few signals are not in the User-Agent header at all. The detection of mobile versus desktop is partly inferred from the UA token, partly from the screen dimensions reported by the JavaScript window.screen API. The browser engine (Blink, Gecko, WebKit) is inferred from the UA but verified by feature-detecting APIs each engine exposes uniquely. If the User-Agent string lies (and many browsers let users override it), the engine detection still tends to be right because feature detection is harder to fake.
What this page deliberately does not show: your IP address, your physical location, or any fingerprinting hash. For those, see the IP tool and the location tool. This page is scoped to the browser itself.
How browser detection actually works in 2026
The User-Agent string is being slowly phased out, replaced by a structured alternative called User-Agent Client Hints. The reason is that the UA string has become a fingerprinting nightmare: it contains the browser version, the OS version, the architecture, and sometimes the device model, all of which combine to identify individual users across sites.
Chrome has been freezing the high-entropy parts of the UA string since version 101. The major version still updates; the minor version is locked at 0.0.0. The OS version reads as a coarse value. The actual details now live in navigator.userAgentData, a JavaScript object that returns structured data and requires an explicit method call to access the high-entropy fields:
// Modern feature detection in 2026
if (navigator.userAgentData) {
const brands = navigator.userAgentData.brands;
const mobile = navigator.userAgentData.mobile;
const platform = navigator.userAgentData.platform;
console.log({ brands, mobile, platform });
// High-entropy details require explicit request
navigator.userAgentData
.getHighEntropyValues(['platformVersion', 'model', 'architecture'])
.then(console.log);
}Firefox and Safari implement navigator.userAgentData partially or not at all, so cross-browser code still falls back to UA string parsing. The W3C draft for User-Agent Client Hints formalizes the API; it is the right thing to use for any new feature detection in 2026.
The lesson I have internalized: never sniff the UA string to decide what features to enable. Feature-detect instead. if (window.IntersectionObserver) is correct; if (userAgent.includes('Chrome') && version > 90) is wrong, because Edge, Brave, Opera, and Arc all match that condition and may behave differently. UA parsing belongs in analytics and crash reports, not in production code paths.
Why the version number above matters more than the brand
A browser two major versions behind the current release is a security risk. Chrome, Firefox, and Edge all ship security patches in every release on a four-week cadence. Safari ships with macOS and iOS updates, so a Safari version is usually tied to whether you have applied OS updates. Looking at the card above, if your version is more than two months behind the latest, you are missing fixes for publicly disclosed vulnerabilities.
The reason this matters more than โwhich browserโ is that all major browsers in 2026 are roughly equivalent in standards support and performance. The real difference between them is privacy defaults, update cadence, and the strength of their sandboxing. An up-to-date Chrome is safer than an out-of-date Firefox; an up-to-date Firefox is safer than an out-of-date Chrome. The version number is the single biggest predictor of how exploitable your browser is right now.
A secondary reason is web compatibility. New CSS, new JavaScript, and new media codecs ship in browser updates. If you cannot see modern features on a page that works for everyone else, your browser version is the first thing to check. caniuse.com is the authoritative reference for which browser version supports which web feature.
How to update your browser, by vendor
Auto-update is on by default in every browser I list below. Restart the browser if it has been open for more than a day, since most updates require a restart to take effect.
Chrome
Click the three-dot menu at the top right, then Help โ About Google Chrome. Chrome checks for updates and applies them. Click Relaunch to finish. On managed devices, your IT team may control the update channel.
Firefox
Three-line menu at the top right, then Help โ About Firefox. Firefox downloads any update and offers to restart. On Linux, updates usually come through your distribution's package manager instead.
Safari
Safari is updated as part of macOS and iOS. Open System Settings โ General โ Software Update on macOS, or Settings โ General โ Software Update on iOS. You cannot update Safari independently.
Edge
Three-dot menu, Help and feedback โ About Microsoft Edge. Same flow as Chrome, since Edge is also Chromium. On Windows, Edge also receives updates through Windows Update.
Brave
Hamburger menu, About Brave. Updates inherit Chromium's cadence by a few days. Brave on iOS uses WebKit because Apple required it; only on macOS, Windows, Android, and Linux does Brave use its own Chromium fork.
Privacy: what your browser tells websites without asking
A website does not need cookies, an IP address, or a login to recognize you across visits. The combination of your User-Agent string, screen resolution, list of installed fonts, available canvas-rendering quirks, WebGL renderer, audio context fingerprint, and timezone produces a hash that is often unique to a single device. The EFF's Cover Your Tracks test puts a number on it.
The biggest contributors to your browser fingerprint, in rough order:
- Canvas fingerprinting: a hidden HTML canvas is told to draw specific text and shapes; the resulting pixel hash varies by GPU, font rendering, and OS.
- WebGL renderer: the GPU model name, exposed through UNMASKED_RENDERER_WEBGL, is highly identifying. See the WebGL tool for what your browser exposes.
- Installed fonts: the list of fonts a browser can render is mostly fixed per OS but customized fonts make this signal sharper.
- Audio context: a silent oscillator processed through an audio context produces hardware-dependent output.
- Screen resolution and pixel ratio: see the screen tool for what is exposed.
Brave, Firefox with privacy.resistFingerprinting = true, and Tor Browser actively randomize or normalize these signals. Chrome and Edge do not, though Chrome's Privacy Sandbox proposals (Topics API, Attribution Reporting) are intended to make fingerprinting commercially unnecessary by providing approved alternatives.
Major browsers compared in 2026
A user reported a broken sign-in flow on what they called โChrome.โ The UA they pasted contained Chrome/138, so the bug looked like a real Chrome regression. After two hours of console debugging I realized they were on Brave 1.78 with shields set to strict, which masks the WebGL renderer string the third-party auth library was using for device binding. A fresh Brave install without shields reproduced the working flow immediately. If I had asked them to open this page first, the Brave brand would have shown up in the User-Agent Client Hints and I would have had the answer in thirty seconds.
| Browser | Engine | Release cadence | Default tracker blocking | Available on |
|---|---|---|---|---|
| Chrome | Blink | 4 weeks | Off by default | Win / Mac / Linux / iOS / Android |
| Firefox | Gecko | 4 weeks | Standard ETP on | Win / Mac / Linux / iOS / Android |
| Safari | WebKit | With macOS / iOS | ITP on by default | Mac / iOS only |
| Edge | Blink | 4 weeks | Balanced tracking prevention | Win / Mac / Linux / iOS / Android |
| Brave | Blink (WebKit on iOS) | 4 weeks | Aggressive shields on | Win / Mac / Linux / iOS / Android |
| Arc | Blink | Continuous | DuckDuckGo tracker blocking | Mac / Win / iOS |
On iOS, every browser is required by App Store policy to use WebKit (Safari's engine) regardless of brand. Chrome on iPhone is a UI wrapper around WebKit; the same is true for Firefox, Brave, Edge, and Arc on iOS. The engine column above is accurate for desktop and Android only. The EU's Digital Markets Act forced Apple to allow alternative engines in 2024, but adoption has been slow.
Frequently asked questions
How do I update my browser?
In Chrome, Firefox, Edge, and Brave: open the main menu, then click Help โ About. The browser checks for updates and offers a restart to apply them. Safari updates with macOS and iOS via System Settings โ Software Update. Auto-update is on by default in all of them; restart the browser if you have not in a few days.
What is the difference between Chrome and Chromium?
Chromium is the open-source browser project Google maintains. Chrome is the binary Google ships, which adds proprietary codecs (H.264, AAC), automatic updates, Widevine DRM for streaming, Google account sync, and Chrome-branded features. Edge, Brave, Opera, and Arc are all Chromium-based but each adds and removes different pieces. The underlying rendering engine (Blink) is the same.
Why does my browser version matter?
Browsers are a primary target for malware. Every major release ships security patches for publicly disclosed vulnerabilities. A browser two versions behind is exposed to bugs that are already documented and being exploited in the wild. Version also controls which web standards and APIs your browser supports; features behind release gates simply do not exist on older versions.
Can a website see exactly which browser I am using?
Yes, with high but not perfect accuracy. The User-Agent string and User-Agent Client Hints disclose the brand and version. Brave and Tor randomize or freeze some of these signals, and any user can spoof the User-Agent string via developer tools or an extension. Feature detection of browser-specific quirks is harder to fake; truly hiding the browser is impractical.
What is the safest browser in 2026?
The safest browser is the up-to-date one you actually keep up-to-date. Chrome, Firefox, Safari, and Edge are all sandboxed, audited, and patched on a tight cycle. For maximum privacy out of the box, Brave or Firefox with strict tracking protection wins. For specifically resisting fingerprinting, Tor Browser is the gold standard but is much slower. For most people, keeping any major browser updated is more important than choosing one over another.
Related tools
The raw User-Agent string is shown on What Is My User Agent if you need to copy it for a bug report. The GPU renderer and WebGL signals your browser leaks are on What Is My WebGL / GPU. Cookie and tracking state is on What Is My Cookie / Tracking Status. And the screen and viewport dimensions browsers report are on What Is My Screen Resolution.
Sources cited above
- Chrome documentation: User-Agent Client Hints and UA reduction
- W3C / WICG draft: User-Agent Client Hints specification
- MDN:
navigator.userAgentDatareference - caniuse.com: browser feature support tables
- EFF Cover Your Tracks: browser fingerprinting test