Web User Agents

1. Audience

This document is intended for:

• Technical authors who want to reuse or reference these concepts in their own specifications or documentation.

• User agent developers who want to align implementations with design and privacy principles that prioritize their users.

• Web developers who want to understand why user agents prioritize user privacy and security over other constituencies, including developer convenience.

• Regulators and policymakers who seek to understand the duties, principles, and expectations guiding user agent behavior.

2. What is a web user agent

A web user agent is any software entity that interacts with websites outside the entity itself, on behalf of its user, including simply rendering the content of websites. In web specifications and the rest of this document, web user agents are usually referred to as just "user agents", but there are other kinds of user agents in other domains, for example "mail user agents" in the context of email. A person can use many different user agents in their day-to-day life.

The most common type of web user agent is the web browser, including in-app browsers that can follow cross-site links. However, user agents also include other tools like search engines, voice-driven assistants, and generative AI systems that present snippets or summaries of website content, or help people navigate and interact with websites.

User agent behavior is not completely defined by web standards or even by technical specifications in general. In particular, user agents choose which specifications to implement in order to best serve their users, and they implement proprietary user interfaces and other behavior around the specifications they do implement.

2.1. User agents as software components

As software components, user agents can be parts of larger applications and can call libraries that implement the web platform or parts of it.

When an application makes a clear distinction between its pieces that are user agents and its pieces that aren’t, then only the user agent parts, which browse content from outside the user agent itself, need to follow the user agent duties. Parts that are clearly only showing the application’s own content can act on their own behalf, but the application should still give its users clear expectations about what behavior they should expect from different parts of the application. If the distinction between internal and external content is too small—for example if the application doesn’t show an address bar or another indicator of content origin when browsing external content—then the application should also follow the user agent duties when showing its own content.

Similarly a library that implements the web platform may or may not be a full user agent. Some, like SFSafariViewController and Android Custom Tabs take on the responsibility of implementing the user agent duties and of clearly distinguishing between the external content they browse and the content controlled by the embedding application. These libraries are user agents.

Other libraries, like the Android, iOS, and Windows WebView libraries, are designed to support many kinds of applications. Because some of these applications include only their own content, WebView libraries are not meant to be user agents on their own, and they do not implement the user agent duties.

Ultimately, an embedding application is responsible for following the user agent duties if it, or any part of it, acts as a user agent. This can be straightforward if the application only browses external content through a user agent library. Developers need to take extra care to follow the user agent duties when using a non-user agent WebView to implement an in-app browser .

3. Duties of user agents

Each user agent serves its user (The Internet is for End Users), not any of the other constituencies. A user agent owes its user various duties, which should be established through collective discussions and embodied in the various standards that user agents implement.

3.1. Protection

It should be safe to visit a web page. Visiting a page must not by itself let the page change the user’s computer or environment, such as by installing software or accessing hardware.

Any data revealed to sites or other observers should be aligned with the user’s preferences and follow the principle of data minimization. In particular, user agents must act to limit the potential for sites to track user activity [unsanctioned-tracking].

Users may choose to share more information, such as by filling out forms or granting permissions. Even then, user agents must help users avoid deception and clearly signal when a page attempts to gain elevated access.

Access to local files or other sensitive resources must be limited to clear, intentional user actions, with appropriate warnings.

3.2. Honesty

A user agent is responsible to explain to its user what’s going on, in terms that user is likely to be able to understand. These explanations should happen at appropriate times and frequencies, so that they actually help the user understand instead of interrupting and distracting the user.

3.3. Loyalty

A user agent must serve its user’s interests over its implementer’s interests and over the interests of any other party.

A user agent can be loyal while also collecting payment for its services, as long as that payment is fair and was agreed ahead of time.

A user agent can also help its user make a credible commitment to a page in order to get that page’s services, and it’s not disloyal to maintain that commitment after getting the services.

A user agent must not obstruct its users from switching to another user agent. For example, it must not block access to, export, or store user data in ways that prevent portability. This includes identity information, bookmarks, history, passwords, and credentials such as passkeys. If the user agent relies on the underlying OS to store credentials, there needs to be a way for users to allow other user agents to access those credentials.