Can a website see my type of computer
Executive summary
Yes — websites can usually determine the type of computer a visitor is using in broad strokes: they can learn the operating system and browser from the HTTP User-Agent header and refine that picture using JavaScript and fingerprinting techniques, but they generally cannot identify the physical make/model of a machine without additional software or prior identifiers (cookies, accounts) on the device [1] [2] [3]. Skilled users can spoof or block some signals, yet modern fingerprinting methods can still infer OS class or unique device characteristics even when the User-Agent is altered [4] [5].
1. How websites get the OS: the User‑Agent and HTTP headers
Every browser sends request headers when connecting to a site, and one of those — the User‑Agent — conventionally reports browser and operating system information; websites routinely parse that header to display or adapt content [1] [6]. Server‑side scripts like PHP’s get_browser() read these headers to decide which resources to serve, which is why “what browser/OS am I on?” tools can show an OS directly from the request [6] [2].
2. Javascript and the richer device picture
Allowing a page to run JavaScript hands the site many additional signals: screen resolution, timezone, installed fonts, enabled plugins, and API quirks that differ by OS and browser — all of which help refine OS detection beyond the User‑Agent [7] [8]. Sites such as WhatIsMyBrowser combine header inspection with client‑side scripts to display a detailed OS and browser readout [1] [2].
3. When spoofing User‑Agent is not enough
Changing or blanking the User‑Agent can hide the reported OS, but it does not fully prevent detection: JavaScript behavior, plugin versions, and fingerprinting techniques like canvas or WebGL hashing can reveal operating system class or unique device traits despite a forged header [4] [5]. Security forum discussions and browser‑privacy guides note that relying solely on User‑Agent spoofing is insufficient for high‑risk anonymity and that script‑blocking tools like NoScript are recommended to limit information leakage [4] [5].
4. Fingerprinting: identifying a device without cookies
Advertisers and anti‑fraud systems combine many small signals — fonts, screen size, GPU responses, timezone, TLS fingerprints — to create a fingerprint that can often distinguish devices even on a first visit and thus implicitly indicate OS family or unique hardware traits [8] [7]. While this rarely yields a manufacturer serial number, it can tie activity to a single machine across visits unless countermeasures are used [8] [5].
5. Limits: what websites generally cannot see without cooperation
Without custom client software or explicit user authentication, websites usually cannot determine detailed hardware identifiers (model number, internal serials) or confidently assert the exact make of a laptop versus a desktop; the most reliable info is browser type/version and OS family (sometimes version) complemented by network data like IP address [3] [9]. Server operators can, conversely, be queried about their own server OS using external tools — but that tells nothing about the visitor’s client machine [10].
6. Conflicting interests and practical advice
Websites have benign reasons to detect OS — serving correct downloads or compatible pages — but tracking and ad networks use the same techniques to profile users, creating a privacy vs. utility tradeoff [9] [7]. For stronger privacy, combine script blocking, browser privacy modes or specialized browsers, and, for high‑risk browsing, isolation via virtual machines or LiveCDs; even Tor and privacy tools face practical limits against advanced fingerprinting [4] [5].