diff --git a/doh-client/config/config.go b/doh-client/config/config.go
index 70d0118..01dbe31 100644
--- a/doh-client/config/config.go
+++ b/doh-client/config/config.go
@@ -53,6 +53,7 @@ type others struct {
 	NoCookies        bool     `toml:"no_cookies"`
 	NoECS            bool     `toml:"no_ecs"`
 	NoIPv6           bool     `toml:"no_ipv6"`
+	NoUserAgent      bool     `toml:"no_user_agent"`
 	Verbose          bool     `toml:"verbose"`
 	DebugHTTPHeaders []string `toml:"debug_http_headers"`
 }
diff --git a/doh-client/doh-client.conf b/doh-client/doh-client.conf
index ec985ff..b6eff00 100644
--- a/doh-client/doh-client.conf
+++ b/doh-client/doh-client.conf
@@ -119,5 +119,16 @@ no_ecs = false
 # Note that DNS listening and bootstrapping is not controlled by this option.
 no_ipv6 = false
 
+# Disable submitting User-Agent
+#
+# It is generally not recommended to disable submitting User-Agent because it
+# is still possible to probe client version according to behavior differences,
+# such as TLS handshaking, handling of malformed packets, and specific bugs.
+# Additionally, User-Agent is an important way for the server to distinguish
+# buggy, old, or insecure clients, and to workaround specific bugs.
+# (e.g. doh-server can detect and workaround certain issues of DNSCrypt-Proxy
+# and older Firefox.)
+no_user_agent = false
+
 # Enable logging
 verbose = false
diff --git a/doh-client/google.go b/doh-client/google.go
index 2658b6f..b690062 100644
--- a/doh-client/google.go
+++ b/doh-client/google.go
@@ -86,7 +86,11 @@ func (c *Client) generateRequestGoogle(ctx context.Context, w dns.ResponseWriter
 	}
 
 	req.Header.Set("Accept", "application/json, application/dns-message, application/dns-udpwireformat")
-	req.Header.Set("User-Agent", USER_AGENT)
+	if !c.conf.NoUserAgent {
+		req.Header.Set("User-Agent", USER_AGENT)
+	} else {
+		req.Header.Set("User-Agent", "")
+	}
 	req = req.WithContext(ctx)
 
 	c.httpClientMux.RLock()
diff --git a/doh-client/ietf.go b/doh-client/ietf.go
index 87d573e..7cdcb28 100644
--- a/doh-client/ietf.go
+++ b/doh-client/ietf.go
@@ -128,7 +128,11 @@ func (c *Client) generateRequestIETF(ctx context.Context, w dns.ResponseWriter,
 		req.Header.Set("Content-Type", "application/dns-message")
 	}
 	req.Header.Set("Accept", "application/dns-message, application/dns-udpwireformat, application/json")
-	req.Header.Set("User-Agent", USER_AGENT)
+	if !c.conf.NoUserAgent {
+		req.Header.Set("User-Agent", USER_AGENT)
+	} else {
+		req.Header.Set("User-Agent", "")
+	}
 	req = req.WithContext(ctx)
 	c.httpClientMux.RLock()
 	resp, err := c.httpClient.Do(req)