W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

Re: [#232] User-Agent Guidelines (proposal)

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 20 Sep 2010 13:58:19 +0200
To: "HTTP Working Group" <ietf-http-wg@w3.org>, "Mark Nottingham" <mnot@mnot.net>
Message-ID: <op.vjbx7hlz64w2qv@anne-van-kesterens-macbook-pro.local>
On Mon, 20 Sep 2010 11:14:48 +0200, Mark Nottingham <mnot@mnot.net> wrote:
> [...]
>
> Because this field is usually sent on every request a user-agent makes,  
> implementations are encouraged not to include needlessly fine-grained  
> detail, and to limit (or even prohibit) the addition of subproducts by  
> third parties. Overly long and detailed User-Agent field values make  
> requests larger and can also be used to identify ("fingerprint") the  
> user against their wishes.

Having this is great I think. I think we should also give advice to people  
using the header (i.e. against user-agent sniffing), similar to what HTML5  
does for navigator.userAgent:

http://whatwg.org/C#client-identification

(HTML5 should probably also mention the fingerprinting issue.)


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Monday, 20 September 2010 11:58:56 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:25 GMT