Set a Custom User-Agent with Fetch in JavaScript
On This Page
The User-Agent header was historically a forbidden header name in browsers. It has since been removed from the forbidden list, but Chrome still silently drops any custom value you set and sends its own User-Agent instead. In this article, you’ll learn how to reliably override User-Agent using a server-side proxy, and common User-Agent strings you can use.
The Code
fetch("https://proxy.corsfix.com/?https://api.example.com/data", { headers: { "x-corsfix-headers": JSON.stringify({ "User-Agent": "MyApp/1.0", }), },}) .then((response) => response.json()) .then((data) => console.log(data));Instead of setting User-Agent directly (which the browser overrides with its own value), you pass it inside x-corsfix-headers. Corsfix applies it server-side before forwarding the request to the target.
For local development, this works instantly without registration. For live websites, set up your domain (takes 30 seconds).
Why You Can’t Just Set User-Agent in fetch
User-Agent was removed from the official forbidden headers list, so in theory browsers should allow you to set it. In practice, Chrome still silently drops your custom value and sends its own User-Agent string instead. Every request from Chrome will always identify as Chrome, regardless of what you pass in the headers.
// Chrome silently drops this and sends its own User-Agentfetch("https://api.example.com/data", { headers: { "User-Agent": "MyApp/1.0", // Chrome ignores this },});// Node.js, this works fineconst response = await fetch("https://api.example.com/data", { headers: { "User-Agent": "MyApp/1.0", },});In Node.js or any server-side runtime, you can set User-Agent to whatever you want. A proxy lets you do the same from the browser by handling the header swap server-side, which is why you need to explicitly pass it through x-corsfix-headers.
When You Need a Custom User-Agent
There are several real-world scenarios where controlling the User-Agent matters:
- Web scraping - many websites check the User-Agent and block requests that don’t look like a real browser. Some also block known headless browser signatures.
- API identification - some APIs require a specific User-Agent string to identify your application, and reject requests with generic browser User-Agents.
- Mobile vs desktop content - servers that return different HTML or data based on whether the User-Agent indicates a mobile or desktop client.
- Bot simulation - testing how your site responds to crawlers like Googlebot, Bingbot, or other automated agents.
- Bypassing restrictions - certain services block or rate-limit requests from specific browser User-Agents while allowing others.
Common User-Agent Strings
Here are some commonly used User-Agent values you can use with x-corsfix-headers:
Latest Chrome (Desktop)
"x-corsfix-headers": JSON.stringify({ "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",})Latest Safari (iPhone)
"x-corsfix-headers": JSON.stringify({ "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 18_0 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Mobile/15E148 Safari/604.1",})Googlebot
"x-corsfix-headers": JSON.stringify({ "User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",})curl
"x-corsfix-headers": JSON.stringify({ "User-Agent": "curl/8.7.1",})Custom app identifier
"x-corsfix-headers": JSON.stringify({ "User-Agent": "MyApp/1.0 (contact@myapp.com)",})Conclusion
Use a server-side proxy like Corsfix to set a custom User-Agent with fetch in JavaScript. Pass the User-Agent value inside x-corsfix-headers, and Corsfix sets it on the outbound request before forwarding it to the target.
Corsfix handles the User-Agent override along with other forbidden headers server-side, so you can focus on building your app instead of managing proxy infrastructure.