Web User Agents

Editor’s Draft , 17 September 2025

More details about this document
This version:
https://w3ctag.github.io/user-agents
Issue Tracking:
GitHub
Editors:
( Google )
Sarven Capadisli ( Invited Expert )
Not Ready For Implementation

This spec is not yet ready for implementation. It exists in this repository to record the ideas and promote discussion.

Before attempting to implement this spec, please contact the editors.

Copyright © 2025 2026 World Wide Web Consortium . W3C ® liability , trademark and permissive document license rules apply.

Abstract

Web user agents include both web browsers and other intermediaries between end-users and the web. Each user agent serves its user, not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

Status of this document

This section describes the status of this document at the time of its publication. A list of current W3C publications and the latest revision of this technical report can be found in the W3C standards and drafts index .

This document was published by the Technical Architecture Group as an Editor’s Draft intended for the Note track. This is a draft document and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to cite this document as other than a work in progress. Editor’s Drafts are not endorsed by W3C nor its Members.

Feedback and comments on this document are welcome. Please file an issue in this document’s GitHub repository .

The W3C Patent Policy does not carry any licensing requirements or commitments on this document.

This document is governed by the 18 August 2025 W3C Process Document .

1. What is a web user agent

A web user agent is any software entity that interacts with websites outside the entity itself, on behalf of its user, including just to display the content of websites. In web specifications and the rest of this document, web user agents are usually referred to as just " user agents ", but there are other kinds of user agents in other domains, for example "mail user agents" in the context of email. A person can use many different user agents in their day-to-day life.

The most common type of web user agent is the web browser, including in-app browsers that can follow cross-site links. However, user agents also include other tools like search engines, voice-driven assistants, and generative AI systems that present snippets or summaries of website content, or help people navigate and interact with websites.

User agent behavior is not completely defined by web standards or even by technical specifications in general. In particular, user agents choose which specifications to implement in order to best serve their users, and they implement proprietary user interfaces and other behavior around the specifications they do implement.

2. How the ecosystem works

The structure of the web browser market helps ensure that browsers act as trustworthy agents, but it can also give them conflicts of interest. There are many browsers available for free, which allows users to switch away from a browser that violates their trust. Security and privacy researchers also actively investigate browser behavior and publicize any unexpected or user-hostile behavior, which helps users pick a browser and be confident that it’s trustworthy. These researchers benefit from the parts of browsers that are open source.

The trustworthiness of the available browsers is further aided by a culture of service to end-users among the people who develop browsers. However, we can’t just assume that culture will sustain itself: it’s important that browsers which lose that culture also lose in the marketplace, fast enough to prevent the culture-loss from spreading.

3. Duties of user agents

Each user agent serves its user ( The Internet is for End Users ), not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

3.1. Protection

It should be safe to visit a web page. Visiting a page must not by itself let the page change the user’s computer or environment, such as by installing software or accessing hardware.

Any data revealed to sites or other observers should be aligned with the user’s preferences and follow the principle of data minimization . In particular, user agents must act to limit the potential for sites to track user activity [unsanctioned-tracking] .

Users may choose to share more information , such as by filling out forms or granting permissions. Even then, user agents must help users avoid deception and clearly signal when a page attempts to gain elevated access.

Access to local files or other sensitive resources must be limited to clear, intentional user actions, with appropriate warnings.

EXAMPLE: Attacks

User agents need to prevent malicious code on a site from being able to escape the user agent to modify the user’s computer or access other origins . User agents meet this duty of protection by sandboxing components, using memory-safe languages, and employing security teams to find and respond to vulnerabilities. These defenses need to evolve continuously to address new threats.

EXAMPLE: Tracking

If a person visits unrelated websites, it’s feasible to avoid sending a shared identifying cookie to embedded iframes. A browser that does send such a cookie is failing its duty of protection. However, revealing a stable IP address is currently unavoidable, so it’s not a violation.

EXAMPLE: Local Files

User agents are expected prevent pages from accessing local files unless the user explicitly selects or opens one. This motivates behaviors like

However, users can still choose to share files, e.g., via uploads or downloads. APIs like File System Access don’t violate this duty, provided users can meaningfully consent . .

3.2. Honesty

A user agent must mediate between the Web and its user, explaining what is responsible to explain happening in a form the user can understand.

A user agent may use multiple approaches for explanations, including text, permission prompts, indicators, previews, and other interface elements. Consider the placement of these elements and whether anything needs emphasis.

A quintessential example is user agents indicating if a website was served over an encrypted connection. This has evolved over time, from insecure sites being shown with a broken lock icon, to its some user what’s going on, agents explicitly including the text "not secure" in terms the URL bar.

Specifications, like the Media Capture and Streams , include Privacy Indicator Requirements that require user is likely agents to be able explain some specific kinds of website behavior, but user agents should also use the same techniques when users need to understand. These know about other behavior, even if a specification doesn’t specifically call out that behavior.

An honest user agent actively works to present the truth to its user. It doesn’t just avoid lies. Its explanations should happen at appropriate times clearly represent the current state and frequencies, likely consequences, avoid euphemism or ambiguity, and make it obvious when sensitive activity is occurring.

The user agent should choose when and how often to show these explanations, so that they actually help explanations arrive when helpful and inform rather than distract. The user agent should ensure the user understand instead of interrupting can control if and distracting the user. when they make a decision.

3.3. Loyalty

A user agent must serve its user’s interests over its implementer’s interests and over the interests of any other party.

A user agent can be loyal while also collecting payment for its services, as long as that payment is fair and was agreed ahead of time.

A user agent can also help its user make a credible commitment to a page in order to get that page’s services, and it’s not disloyal to maintain that commitment after getting the services.

4. Acknowledgements

Thanks to the Infra Standard for an earlier definition of User Agents and to Privacy Principles for the initial version of these duties.

Index

Terms defined by this specification

Terms defined by reference

References

Normative References

[DESIGN-PRINCIPLES]
Martin Thomson; Jeffrey Yasskin. Web Platform Design Principles . URL: https://w3ctag.github.io/design-principles/
[MEDIACAPTURE-STREAMS]
Cullen Jennings; et al. Media Capture and Streams . URL: https://w3c.github.io/mediacapture-main/
[RFC8890]
M. Nottingham. The Internet is for End Users . August 2020. Informational. URL: https://www.rfc-editor.org/rfc/rfc8890

Informative References

[CSS-FONTS-5]
Chris Lilley. CSS Fonts Module Level 5 . URL: https://drafts.csswg.org/css-fonts-5/
[FILE-SYSTEM-ACCESS]
File System Access . Draft Community Group Report. URL: https://wicg.github.io/file-system-access/
[HTML]
Anne van Kesteren; et al. HTML Standard . Living Standard. URL: https://html.spec.whatwg.org/multipage/
[Infra]
Anne van Kesteren; Domenic Denicola. Infra Standard . Living Standard. URL: https://infra.spec.whatwg.org/
[PRIVACY-PRINCIPLES]
Robin Berjon; Jeffrey Yasskin. Privacy Principles . URL: https://w3ctag.github.io/privacy-principles/
[UNSANCTIONED-TRACKING]
Mark Nottingham. Unsanctioned Web Tracking . 17 July 2015. TAG Finding. URL: http://www.w3.org/2001/tag/doc/unsanctioned-tracking/
[URL]
Anne van Kesteren. URL Standard . Living Standard. URL: https://url.spec.whatwg.org/