Web User Agents

Editor’s Draft,

More details about this document
This version:
https://w3ctag.github.io/user-agents
Issue Tracking:
GitHub
Editors:
(Google)
Sarven Capadisli (Invited Expert)
Not Ready For Implementation

This spec is not yet ready for implementation. It exists in this repository to record the ideas and promote discussion.

Before attempting to implement this spec, please contact the editors.

Copyright © 2025 World Wide Web Consortium. W3C® liability, trademark and permissive document license rules apply.

Abstract

Web user agents include both web browsers and other intermediaries between end-users and the web. Each user agent serves its user, not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

Status of this document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index.

This document was published by the Technical Architecture Group as an Editor’s Draft intended for the Note track. This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress. Editor’s Drafts are not endorsed by W3C nor its Members.

Feedback and comments on this document are welcome. Please file an issue in this document’s GitHub repository.

The W3C Patent Policy does not carry any licensing requirements or commitments on this document.

This document is governed by the 18 August 2025 W3C Process Document.

1. What is a web user agent

A web user agent is any software entity that interacts with websites outside the entity itself, on behalf of its user, including just to display the content of websites. In web specifications and the rest of this document, web user agents are usually referred to as just "user agents", but there are other kinds of user agents in other domains, for example "mail user agents" in the context of email. A person can use many different user agents in their day-to-day life.

The most common type of web user agent is the web browser, including in-app browsers that can follow cross-site links. However, user agents also include other tools like search engines, voice-driven assistants, and generative AI systems that present snippets or summaries of website content, or help people navigate and interact with websites.

User agent behavior is not completely defined by web standards or even by technical specifications in general. In particular, user agents choose which specifications to implement in order to best serve their users, and they implement proprietary user interfaces and other behavior around the specifications they do implement.

1.1. User agents as software components

As software entities, user agents can be parts of larger applications, and they can call libraries that implement the web platform or parts of it.

If the user of an application can distinguish the user agent inside that application from other parts of the application that act on the application’s author’s behalf ("first-party" parts of the application), then only the user agent parts, which browse "third-party" content, need to follow the user agent duties. Applications with embedded user agents should give their users clear expectations about what behavior they should expect from different parts of the app. If the distinction between third-party and first-party content is too small, the application should also follow the user agent duties for its first-party content.

Similarly a library that implements the web platform may or may not be a full user agent. Some, like SFSafariViewController and Android Custom Tabs take the responsibility of implementing the user agent duties and of making a clear distinction between the third-party content they browse and the first-party content controlled by the embedded application. These libraries are user agents.

Other libraries, like the Android, iOS, and Windows WebView libraries, are designed to support many kinds of applications. Because some of these applications only include first-party content, WebView libraries aren’t meant to be user agents on their own, and they don’t implement the user agent duties.

Ultimately, an embedding application is responsible for ensuring that it follows the user agent duties if it or part of it is a user agent. This can be nearly trivial if it only browses third-party content using a user agent library. Developers need to take more care when implementing an in-app browser using a non-user agent WebView.

2. How the ecosystem works

The structure of the web browser market helps ensure that browsers act as trustworthy agents, but it can also give them conflicts of interest. There are many browsers available for free, which allows users to switch away from a browser that violates their trust. Security and privacy researchers also actively investigate browser behavior and publicize any unexpected or user-hostile behavior, which helps users pick a browser and be confident that it’s trustworthy. These researchers benefit from the parts of browsers that are open source.

The trustworthiness of the available browsers is further aided by a culture of service to end-users among the people who develop browsers. However, we can’t just assume that culture will sustain itself: it’s important that browsers which lose that culture also lose in the marketplace, fast enough to prevent the culture-loss from spreading.

3. Duties of user agents

Each user agent serves its user (The Internet is for End Users), not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

3.1. Protection

It should be safe to visit a web page. Visiting a page must not by itself let the page change the user’s computer or environment, such as by installing software or accessing hardware.

Any data revealed to sites or other observers should be aligned with the user’s preferences and follow the principle of data minimization. In particular, user agents must act to limit the potential for sites to track user activity [unsanctioned-tracking].

Users may choose to share more information, such as by filling out forms or granting permissions. Even then, user agents must help users avoid deception and clearly signal when a page attempts to gain elevated access.

Access to local files or other sensitive resources must be limited to clear, intentional user actions, with appropriate warnings.

EXAMPLE: Attacks

User agents need to prevent malicious code on a site from being able to escape the user agent to modify the user’s computer or access other origins. User agents meet this duty of protection by sandboxing components, using memory-safe languages, and employing security teams to find and respond to vulnerabilities. These defenses need to evolve continuously to address new threats.

EXAMPLE: Tracking

If a person visits unrelated websites, it’s feasible to avoid sending a shared identifying cookie to embedded iframes. A browser that does send such a cookie is failing its duty of protection. However, revealing a stable IP address is currently unavoidable, so it’s not a violation.

EXAMPLE: Local Files

User agents are expected prevent pages from accessing local files unless the user explicitly selects or opens one. This motivates behaviors like

However, users can still choose to share files, e.g., via uploads or downloads. APIs like File System Access don’t violate this duty, provided users can meaningfully consent.

3.2. Honesty

A user agent is responsible to explain to its user what’s going on, in terms that user is likely to be able to understand. These explanations should happen at appropriate times and frequencies, so that they actually help the user understand instead of interrupting and distracting the user.

3.3. Loyalty

A user agent must serve its user’s interests over its implementer’s interests and over the interests of any other party.

A user agent can be loyal while also collecting payment for its services, as long as that payment is fair and was agreed ahead of time.

A user agent can also help its user make a credible commitment to a page in order to get that page’s services, and it’s not disloyal to maintain that commitment after getting the services.

4. Acknowledgements

Thanks to the Infra Standard for an earlier definition of User Agents and to Privacy Principles for the initial version of these duties.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[DESIGN-PRINCIPLES]
Martin Thomson; Jeffrey Yasskin. Web Platform Design Principles. URL: https://w3ctag.github.io/design-principles/
[RFC8890]
M. Nottingham. The Internet is for End Users. August 2020. Informational. URL: https://www.rfc-editor.org/rfc/rfc8890

Informative References

[CSS-FONTS-5]
Chris Lilley. CSS Fonts Module Level 5. URL: https://drafts.csswg.org/css-fonts-5/
[FILE-SYSTEM-ACCESS]
File System Access. Draft Community Group Report. URL: https://wicg.github.io/file-system-access/
[HTML]
Anne van Kesteren; et al. HTML Standard. Living Standard. URL: https://html.spec.whatwg.org/multipage/
[Infra]
Anne van Kesteren; Domenic Denicola. Infra Standard. Living Standard. URL: https://infra.spec.whatwg.org/
[PRIVACY-PRINCIPLES]
Robin Berjon; Jeffrey Yasskin. Privacy Principles. URL: https://w3ctag.github.io/privacy-principles/
[UNSANCTIONED-TRACKING]
Mark Nottingham. Unsanctioned Web Tracking. 17 July 2015. TAG Finding. URL: http://www.w3.org/2001/tag/doc/unsanctioned-tracking/
[URL]
Anne van Kesteren. URL Standard. Living Standard. URL: https://url.spec.whatwg.org/