If you have them navigate to something that reflects their browser headers back to them, it might help to verify their claim. For example I have this function available on a webserver of mine (https://www.supermathie.net/reflect/headers):
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
accept-encoding: gzip, deflate, br, zstd
accept-language: en-GB,en-US;q=0.9,en;q=0.8,fr-CA;q=0.7,fr;q=0.6
connection: keep-alive
dnt: 1
host: www.supermathie.net
sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"
sec-ch-ua-mobile: ?1
sec-ch-ua-platform: "Android"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: none
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Mobile Safari/537.36
(disclaimer: this is a personal server not affiliated with CDCK, feel free to use this, or make your own if privacy is a concern)