
Netskope Global Technical Success (GTS)

Brave Browser - Block All Traffic via HTTP Header

 

Netskope Cloud Version - 126

 

Objective

Restricting web traffic originating from Brave Browser via HTTP Header

 

Prerequisite

SWG or Next-Gen SWG license

 

Context

This article outlines the process to block Brave Browser traffic by HTTP header, using the Netskope HTTP Header feature.

 

Do You Know?

  • What is Netskope HTTP Header Profile?

A Netskope HTTP Header Profile is used to define how HTTP headers should be handled for traffic inspection and policy enforcement.

Netskope Official Article on HTTP Header Profile

 

  • What is User-Agent?

The User-Agent in an HTTP header is a string sent by a web browser or application to identify itself to the server when making a web request. It helps the server understand what kind of client is making the request -

 

From Browser - Google Chrome 


 

| Component | Meaning |
|---|---|
| Mozilla/5.0 | A legacy identifier for compatibility. All modern browsers use this for historical reasons. |
| (Macintosh; Intel Mac OS X 10_15_7) | The device is a Mac running macOS Catalina (10.15.7) on Intel architecture. |
| AppleWebKit/537.36 | The browser uses the WebKit engine (used by Safari and Chromium). |
| (KHTML, like Gecko) | Another compatibility layer — tells sites it's similar to Gecko (Firefox's engine). |
| Chrome/136.0.0.0 | The browser identifies as Chrome, version 136.0.0.0 (Note: this version doesn't exist yet as of May 2025; it's possibly spoofed or incorrect). |
| Safari/537.36 | More compatibility: this indicates the browser behaves like Safari with WebKit 537.36. |

 

  • Why is Brave Browser different?

(A.) Brave Browser stands out from other common browsers (like Chrome, Firefox, Safari, and Edge) due to -

  1. Tracker and Ad Blocking: Brave blocks ads, trackers, fingerprinting, and cookies by default—without needing extensions. Brave often loads pages faster and consumes less bandwidth than other browsers.
  2. HTTPS Everywhere: Automatically upgrades connections to HTTPS for better security.
  3. No Data Collection: Brave doesn’t track user behavior or sell data to third parties.

 

(B.) Brave Browser includes a unique feature called "Private Window with Tor", which is not found in most other mainstream browsers. When you open a Private Window with Tor in Brave, your internet traffic is routed through the Tor network — a decentralized, volunteer-run system designed to anonymize internet activity.

 

Note: This is one of the main reasons why security administrators discourage end users from using the Brave browser on business machines.

 

(C.) Brave is built on the same open-source Chromium engine as Chrome, so it supports Chrome extensions and feels familiar to Chrome users.
 

Note: Brave removes Google's tracking and telemetry code.

 

  • Brave Vs Google Chrome

(A.) Brave and Google Chrome are Chromium-based browsers, meaning they are built on the open-source Chromium project. However, even though they share the same underlying codebase, they have different features and focuses.

 

(B.) Brave Browser sometimes spoofs its User-Agent string intentionally to protect user privacy and reduce tracking or fingerprinting.

 

The User-Agent information in Google Chrome and Brave is identical 😱


As highlighted in the snapshot above, the 'User-Agent' header is not reliable for identifying traffic. Therefore, we should rely on the alternative HTTP header, 'sec-ch-ua'.

 

  • What is sec-ch-ua?

sec-ch-ua is a Client Hint header introduced to provide more detailed information about the browser. This header breaks down the browser's identity into more specific pieces of information, and it can be more easily used to distinguish between browsers like Chrome and Brave.

The User-Agent string traditionally identifies the browser and operating system, but it can be inconsistent and can be manipulated by users or by different browsers.
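The following is an added example, not Netskope code and not part of the original article, showing how the brand list in sec-ch-ua separates two requests whose User-Agent strings are identical. The header values are constructed samples, the function names are hypothetical, and the "Brave" brand token is an assumption to confirm against your own captured traffic.

```python
import re

# One sec-ch-ua list member: a quoted brand followed by its v="<major>" parameter.
# Brands may contain punctuation or escaped characters (the GREASE entries do).
_MEMBER = re.compile(r'"((?:[^"\\]|\\.)*)"\s*;\s*v="((?:[^"\\]|\\.)*)"')


def _unescape(text):
    """Undo backslash escapes inside a quoted string."""
    return re.sub(r"\\(.)", r"\1", text)


def parse_sec_ch_ua(value):
    """Return [(brand, version), ...] parsed from a sec-ch-ua header value."""
    if not value:
        return []
    return [(_unescape(b), _unescape(v)) for b, v in _MEMBER.findall(value)]


def classify(headers):
    """Label one request 'brave', 'chromium-other' or 'unknown'."""
    # Header names are case-insensitive, so normalise them before the lookup.
    lowered = {name.lower(): value for name, value in headers.items()}
    brands = {b.lower() for b, _ in parse_sec_ch_ua(lowered.get("sec-ch-ua"))}
    if "brave" in brands:
        return "brave"
    if "chromium" in brands:
        return "chromium-other"
    return "unknown"  # header absent or unparseable: no brand to match on


# Constructed sample requests. The User-Agent is assembled from the components
# in the table above and is the same string in every sample.
UA = ("Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36")
SAMPLES = [
    {"User-Agent": UA,
     "sec-ch-ua": '"Chromium";v="136", "Google Chrome";v="136", "Not.A/Brand";v="99"'},
    {"User-Agent": UA,  # "Brave" brand token is an assumption; confirm in a capture
     "Sec-CH-UA": '"Chromium";v="136", "Brave";v="136", "Not.A/Brand";v="99"'},
    {"User-Agent": UA},  # no client hint sent at all
]

if __name__ == "__main__":
    for request in SAMPLES:
        print(classify(request), parse_sec_ch_ua(
            {k.lower(): v for k, v in request.items()}.get("sec-ch-ua")))
```

The third sample shows the gap to plan for: a request that carries no sec-ch-ua header has no brand to match, so a rule keyed on the brand does not apply to it.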

 

Configuration

Let's block Brave Browser traffic via a Netskope HTTP Header profile.

 

Step 1 - Create an HTTP Header Profile

Path: Netskope Tenant UI >>> Policies >>> Profiles - - - HTTP Header >>> New HTTP Header Profile


 

Step 2 - Create a Realtime Protection Policy

Path: Netskope Tenant UI >>> Policies >>> Realtime Protection Policy >>> New Policy


 

Verification

Generate traffic via Brave Browser


 

Terms and Conditions

  • All documented information undergoes testing and verification to ensure accuracy.
  • In the future, it is possible that the application's functionality may be altered by the vendor. If any such changes are brought to our attention, we will promptly update the documentation to reflect them.

 

Notes

  • This article is authored by Netskope Global Technical Success (GTS).
  • For any further inquiries related to this article, please contact Netskope GTS by submitting a support case with 'Case Type – How To Questions'.
 
 