What info does a Mobile Browser send to the Web Server

Question

What info can be gleaned from a Mobile Phone by a website? (Not an app).

Is user specific information such as Phone Number, IMEI, Google Account info etc obtainable via HTTP headers?

— user194276 | Sources

Answer

You only get very basic information on the device.

See for example the following sample requests from a Samsung Galaxy S7:

Samsung Browser:

Accept-Language: de-DE,de,en-US,en

User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SAMSUNG SM-G930F Build/R16NW) AppleWebKit/537.36 (KHTML, like Gecko) SamsungBrowser/9.2 Chrome/67.0.3396.87 Mobile Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8

Accept-Encoding: gzip, deflate

Chrome:

User-Agent: Mozilla/5.0 (Linux; Android 8.0.0; SM-G930F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.143 Mobile Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3

Accept-Encoding: gzip, deflate

Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7

Firefox:

User-Agent: Mozilla/5.0 (Android 8.0.0; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3

Accept-Encoding: gzip, deflate

Firefox Klar:

User-Agent: Mozilla/5.0 (Linux; Android 8.0.0) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Focus/8.0.15 Chrome/75.0.3770.143 Mobile Safari/537.36

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3

x-requested-with: 

Accept-Encoding: gzip, deflate

Accept-Language: de-DE,de;q=0.9,en-US;q=0.8,en;q=0.7

As you can see the HTTP headers of some browsers contain the device model and the Android version number and the used browser app.

Note: Other web browsers may send additional headers.

— Robert | Sources

Q & A

How do I open an offline website on Android?

Strip /lib from installed apk

Disable vibration in Samsung?

Is there a reason to install, say, VLC from F-droid instead of play store?

How to replace SD card formatted as internal storage?

How do I access `$HOME/storage` outside of Termux (with a file explorer)?

Fingerprint lost phone unlocking ability â€“ where to troubleshoot?

How to screencap the smaller display of Samsung Galaxy Fold using ADB 'screencap' command?

How to resize the width of several frozen columns in Google Sheets app?

Does /dev/block/mmcblk0 include an external sd card that has been formatted as internal?

Google just EOLed the original Pixel. How long until it's a brick?

Can I flash Android on device with overwritten mmcblk0?

Why bowsers cannot download files to storage (path looks /dev/null/Download)?

How does update_engine validate a differential update-image with dm-verity enabled?

Google pay wont work unless phone is unlocked even for small payments

init: cannot execve('/system/bin/custom.sh'): Permission denied

How to fix "dmesg: klogctl: Permission denied" for normal user on Android?

How to boot system-as-root device always as rooted?

How to install EdXposed on Android 10 without triggering safety net

How to determine if my phone supports AndroidOne?

Topics

2D Engines 3D Engines 9-Patch Action Bars Activities ADB Advertisements Analytics Animations ANR AOP API APK APT Architecture Audio Autocomplete Background Processing Backward Compatibility Badges Bar Codes Benchmarking Bitmaps Bluetooth Blur Effects Bread Crumbs BRMS Browser Extensions Build Systems Bundles Buttons Caching Camera Canvas Cards Carousels Changelog Checkboxes Cloud Storages Color Analysis Color Pickers Colors Comet/Push Compass Sensors Conferences Content Providers Continuous Integration Crash Reports Credit Cards Credits CSV Curl/Flip Data Binding Data Generators Data Structures Database Database Browsers Date & Debugging Decompilers Deep Links Dependency Injections Design Design Patterns Dex Dialogs Distributed Computing Distribution Platforms Download Managers Drawables Emoji Emulators EPUB Equalizers & Event Buses Exception Handling Face Recognition Feedback & File System File/Directory Fingerprint Floating Action Fonts Forms Fragments FRP FSM Functional Programming Gamepads Games Geocaching Gestures GIF Glow Pad Gradle Plugins Graphics Grid Views Highlighting HTML HTTP Mocking Icons IDE IDE Plugins Image Croppers Image Loaders Image Pickers Image Processing Image Views Instrumentation Intents Job Schedulers JSON Keyboard Kotlin Layouts Library Demos List View List Views Localization Location Lock Patterns Logcat Logging Mails Maps Markdown Mathematics Maven Plugins MBaaS Media Menus Messaging MIME Mobile Web Native Image Navigation NDK Networking NFC NoSQL Number Pickers OAuth Object Mocking OCR Engines OpenGL ORM Other Pickers Parallax List Parcelables Particle Systems Password Inputs PDF Permissions Physics Engines Platforms Plugin Frameworks Preferences Progress Indicators ProGuard Properties Protocol Buffer Pull To Purchases Push/Pull QR Codes Quick Return Radio Buttons Range Bars Ratings Recycler Views Resources REST Ripple Effects RSS Screenshots Scripting Scroll Views SDK Search Inputs Security Sensors Services Showcase Views Signatures Sliding Panels Snackbars SOAP Social Networks Spannable Spinners Splash Screens SSH Static Analysis Status Bars Styling SVG System Tags Task Managers TDD & Template Engines Testing Testing Tools Text Formatting Text Views Text Watchers Text-to Toasts Toolkits For Tools Tooltips Trainings TV Twitter Updaters USB User Stories Utils Validation Video View Adapters View Pagers Views Watch Face Wearable Data Wearables Weather Web Tools Web Views WebRTC WebSockets Wheel Widgets Wi-Fi Widgets Windows Wizards XML XMPP YAML ZIP Codes