Firefox and Safari do not support this.
Accept-CH
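Accept-CH is an HTTP response header. It is the core directive of the Client Hints mechanism: the server sends it to the browser to "negotiate" access to specific information about the user's device, browser or network state (such as device memory, UA version and network speed).
Setup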
<?php
// Ask the browser to send these client hints on its subsequent requests.
// Note: "Sec-CH-UA-WoW64i" is kept as it appears in the captures below; the registered hint name is Sec-CH-UA-WoW64.
header("accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR");
After the first visit, all subsequent requests carry this information.
Example
https://bjun.tech/header_ch_test.php
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Priority' => 'u=0, i',
'Accept-Language' => 'zh-CN,zh;q=0.9',
'Accept-Encoding' => 'gzip, deflate, br, zstd',
'Sec-Fetch-Dest' => 'document',
'Sec-Fetch-User' => '?1',
'Sec-Fetch-Mode' => 'navigate',
'Sec-Fetch-Site' => 'none',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Safari/537.36',
'Upgrade-Insecure-Requests' => '1',
'Sec-Ch-Prefers-Reduced-Transparency' => 'reduce',
'Sec-Ch-Prefers-Reduced-Motion' => 'no-preference',
'Sec-Ch-Prefers-Color-Scheme' => 'light',
'Sec-Ch-Ua-Form-Factors' => '"Desktop"',
'Sec-Ch-Ua-Full-Version-List' => '"Chromium";v="142.0.7444.176", "Google Chrome";v="142.0.7444.176", "Not_A Brand";v="99.0.0.0"',
'Sec-Ch-Ua-Bitness' => '"64"',
'Sec-Ch-Ua-Model' => '""',
'Sec-Ch-Ua-Platform-Version' => '"10.0.0"',
'Sec-Ch-Ua-Platform' => '"Windows"',
'Sec-Ch-Ua-Arch' => '"x86"',
'Sec-Ch-Ua-Full-Version' => '"142.0.7444.176"',
'Sec-Ch-Ua-Mobile' => '?0',
'Sec-Ch-Ua' => '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"',
'Ect' => '4g',
'Downlink' => '2.3',
'Rtt' => '50',
'Sec-Ch-Viewport-Height' => '2039',
'Sec-Ch-Viewport-Width' => '3775',
'Sec-Ch-Dpr' => '1',
'Sec-Ch-Device-Memory' => '8',
'Cache-Control' => 'max-age=0',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
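Clearing
According to Client_hints#hint_life-time:
- All subsequent requests carry the information
- It expires only when the browser is closed
- The server can stop the hints by sending an empty Accept-CH header
Additionally:
According to webappsec-clear-site-data/#header, the information can be cleared by sending one of the following headers.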
Clear-Site-Data: "clientHints"
// or
Clear-Site-Data: "*"
Switching clients in DevTools
Chrome DevTools iOS
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Priority' => 'u=0, i',
'Accept-Language' => 'zh-CN,zh;q=0.9',
'Accept-Encoding' => 'gzip, deflate, br, zstd',
'Sec-Fetch-Dest' => 'document',
'Sec-Fetch-User' => '?1',
'Sec-Fetch-Mode' => 'navigate',
'Sec-Fetch-Site' => 'none',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'User-Agent' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 18_5 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.5 Mobile/15E148 Safari/604.1',
'Upgrade-Insecure-Requests' => '1',
'Sec-Ch-Prefers-Reduced-Transparency' => 'reduce',
'Sec-Ch-Prefers-Reduced-Motion' => 'no-preference',
'Sec-Ch-Prefers-Color-Scheme' => 'light',
'Ect' => '4g',
'Downlink' => '2.3',
'Rtt' => '50',
'Sec-Ch-Viewport-Height' => '1864',
'Sec-Ch-Viewport-Width' => '860',
'Sec-Ch-Dpr' => '1',
'Sec-Ch-Device-Memory' => '8',
'Cache-Control' => 'max-age=0',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
Chrome DevTools Android
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Priority' => 'u=0, i',
'Accept-Language' => 'zh-CN,zh;q=0.9',
'Accept-Encoding' => 'gzip, deflate, br, zstd',
'Sec-Fetch-Dest' => 'document',
'Sec-Fetch-User' => '?1',
'Sec-Fetch-Mode' => 'navigate',
'Sec-Fetch-Site' => 'none',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'User-Agent' => 'Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/142.0.0.0 Mobile Safari/537.36',
'Upgrade-Insecure-Requests' => '1',
'Sec-Ch-Prefers-Reduced-Transparency' => 'reduce',
'Sec-Ch-Prefers-Reduced-Motion' => 'no-preference',
'Sec-Ch-Prefers-Color-Scheme' => 'light',
'Sec-Ch-Ua-Form-Factors' => '"Desktop"',
'Sec-Ch-Ua-Full-Version-List' => '"Chromium";v="142.0.7444.176", "Google Chrome";v="142.0.7444.176", "Not_A Brand";v="99.0.0.0"',
'Sec-Ch-Ua-Bitness' => '"64"',
'Sec-Ch-Ua-Model' => '"Pixel 5"',
'Sec-Ch-Ua-Platform-Version' => '"13"',
'Sec-Ch-Ua-Platform' => '"Android"',
'Sec-Ch-Ua-Arch' => '""',
'Sec-Ch-Ua-Full-Version' => '"142.0.7444.176"',
'Sec-Ch-Ua-Mobile' => '?1',
'Sec-Ch-Ua' => '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"',
'Ect' => '4g',
'Downlink' => '2.3',
'Rtt' => '50',
'Sec-Ch-Viewport-Height' => '1830',
'Sec-Ch-Viewport-Width' => '824',
'Sec-Ch-Dpr' => '1',
'Sec-Ch-Device-Memory' => '8',
'Cache-Control' => 'max-age=0',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
Real Android Edge
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Priority' => 'u=0, i',
'Accept-Encoding' => 'gzip, deflate, br, zstd',
'Sec-Fetch-Dest' => 'document',
'Sec-Fetch-User' => '?1',
'Sec-Fetch-Mode' => 'navigate',
'Sec-Fetch-Site' => 'cross-site',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7',
'User-Agent' => 'Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36 EdgA/131.0.0.0',
'Upgrade-Insecure-Requests' => '1',
'Dnt' => '1',
'Accept-Language' => 'zh-CN',
'Sec-Ch-Prefers-Reduced-Transparency' => 'no-preference',
'Sec-Ch-Prefers-Reduced-Motion' => 'no-preference',
'Sec-Ch-Prefers-Color-Scheme' => 'dark',
'Sec-Ch-Ua-Form-Factors' => '"Mobile"',
'Sec-Ch-Ua-Full-Version-List' => '"Microsoft Edge";v="131.0.2903.134", "Chromium";v="131.0.6778.205", "Not_A Brand";v="24.0.0.0"',
'Sec-Ch-Ua-Bitness' => '""',
'Sec-Ch-Ua-Model' => '"M2006J10C"',
'Sec-Ch-Ua-Platform-Version' => '"11.0.0"',
'Sec-Ch-Ua-Platform' => '"Android"',
'Sec-Ch-Ua-Arch' => '""',
'Sec-Ch-Ua-Full-Version' => '"131.0.2903.134"',
'Sec-Ch-Ua-Mobile' => '?1',
'Sec-Ch-Ua' => '"Microsoft Edge";v="131", "Chromium";v="131", "Not_A Brand";v="24"',
'Ect' => '4g',
'Downlink' => '1.5',
'Rtt' => '100',
'Sec-Ch-Viewport-Height' => '1960',
'Sec-Ch-Viewport-Width' => '980',
'Sec-Ch-Dpr' => '2.75',
'Sec-Ch-Device-Memory' => '8',
'Cache-Control' => 'max-age=0',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
Real iOS Safari
Because the feature is not supported, no hint information is sent in response.
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Accept-Encoding' => 'gzip, deflate, br',
'Priority' => 'u=0, i',
'Accept-Language' => 'zh-CN,zh-Hans;q=0.9',
'Sec-Fetch-Mode' => 'navigate',
'Sec-Fetch-Site' => 'none',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 18_6_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.6 Mobile/15E148 Safari/604.1',
'Sec-Fetch-Dest' => 'document',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
Real iOS Edge
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Sec-Fetch-Dest' => 'document',
'Accept-Language' => 'zh-CN,zh-Hans;q=0.9',
'User-Agent' => 'Mozilla/5.0 (iPhone; CPU iPhone OS 18_6_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) EdgiOS/142.0.3595.107 Version/18.0 Mobile/15E148 Safari/604.1',
'Sec-Fetch-Mode' => 'navigate',
'Accept-Encoding' => 'gzip, deflate, br',
'Sec-Fetch-Site' => 'none',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
Firefox
header_accept_ch:accept-ch:Save-Data, Sec-CH-DPR,Width, Sec-CH-Width, Sec-CH-Viewport-Width, Sec-CH-Viewport-Height, Sec-CH-Device-Memory, RTT, Downlink, ECT, Sec-CH-Prefers-Color-Scheme, Sec-CH-Prefers-Reduced-Motion, Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64i,Sec-CH-UA-Form-Factors,Sec-CH-Prefers-Reduced-Transparency,Content-DPR
array (
'Te' => 'trailers',
'Priority' => 'u=0, i',
'Sec-Fetch-User' => '?1',
'Sec-Fetch-Site' => 'none',
'Sec-Fetch-Mode' => 'navigate',
'Sec-Fetch-Dest' => 'document',
'Upgrade-Insecure-Requests' => '1',
'Accept-Encoding' => 'gzip, deflate, br, zstd',
'Accept-Language' => 'zh-CN,zh;q=0.8,en-GB;q=0.5,en;q=0.3',
'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:144.0) Gecko/20100101 Firefox/144.0',
'Host' => 'bjun.tech',
'Content-Length' => '',
'Content-Type' => '',
)
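Some thoughts
1. It can be used to check whether a visit is the first one. Some automation tools, to save resources and run faster, reuse the browser window at run time instead of re-initializing it every time, and only clear the cache and cookies. Because the Accept-CH state is hard to clear, such tools may be detected.
2. Cross-validation of information: the several UA-related values need to stay consistent with each other, otherwise they conflict.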
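Both thoughts expressed as server-side checks, in an added Python example that is not part of the original page. The function names and the OPT_IN set are hypothetical, the sample is a subset of the "chrome devtools Android" capture above, and hints_persisted assumes that opt-in hints only arrive after an earlier Accept-CH response, as the page describes.

```python
import re

# Hints sent only after the origin opted in with Accept-CH (lower-cased names).
OPT_IN = {"sec-ch-ua-model", "sec-ch-ua-form-factors", "sec-ch-device-memory",
          "sec-ch-dpr", "sec-ch-viewport-width", "ect", "rtt", "downlink"}

def hints_persisted(headers):
    """True if opt-in hints arrive, i.e. the browser kept an earlier Accept-CH."""
    return any(k.lower() in OPT_IN for k in headers)

def ua_conflicts(headers):
    """List contradictions between User-Agent and the client hints."""
    h = {k.lower(): v.strip('"') for k, v in headers.items()}
    ua, out = h.get("user-agent", ""), []
    chrome = re.search(r"Chrome/(\d+)", ua)
    if not chrome:
        # The page's real Safari, iOS Edge and Firefox captures carry no hints.
        if any(k in OPT_IN or k.startswith("sec-ch-") for k in h):
            out.append("non-Chromium UA with client hints")
        return out
    brand = re.search(r'Chromium";v="(\d+)', h.get("sec-ch-ua", ""))
    if brand and brand.group(1) != chrome.group(1):
        out.append("major version mismatch")
    token = {"Android": "Android", "Windows": "Windows NT"}.get(h.get("sec-ch-ua-platform"))
    if token and token not in ua:
        out.append("platform mismatch")
    mobile = h.get("sec-ch-ua-mobile")
    if mobile and (mobile == "?1") != ("Mobile" in ua):
        out.append("mobile flag mismatch")
    if mobile == "?1" and h.get("sec-ch-ua-form-factors") == "Desktop":
        out.append("mobile flag vs form factor")
    # Reduced Android UAs carry the placeholder model "K"; compare real models only.
    m = re.search(r"Android [\d.]+; ([^)]+)\)", ua)
    model = h.get("sec-ch-ua-model")
    if m and model and m.group(1) not in ("K", model):
        out.append("model mismatch")
    return out

# Constructed sample: a subset of the page's "chrome devtools Android" capture.
DEVTOOLS_ANDROID = {
    "User-Agent": "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/142.0.0.0 Mobile Safari/537.36",
    "Sec-Ch-Ua": '"Chromium";v="142", "Google Chrome";v="142", "Not_A Brand";v="99"',
    "Sec-Ch-Ua-Platform": '"Android"', "Sec-Ch-Ua-Mobile": "?1",
    "Sec-Ch-Ua-Form-Factors": '"Desktop"', "Sec-Ch-Ua-Model": '"Pixel 5"',
}

if __name__ == "__main__":
    print(hints_persisted(DEVTOOLS_ANDROID), ua_conflicts(DEVTOOLS_ANDROID))
```

A request for which hints_persisted is true but which carries no session cookie matches the reused-window case in thought 1; the real Android Edge capture passes ua_conflicts because its reduced UA model "K" is skipped.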