My guess would be that the internet is run by developers. Apps will want this data so javascript provides it to make decisions about window sizing and user agent capabilities. Authorization would probably only occur if javascript was gated by non developers just as SSDP open and forwards ports on routers without user intervention or knowledge rather than an API that prompt the user. Just a guess.