- From: Mukul Gandhi <gandhi.mukul@gmail.com>
- Date: Sun, 14 Aug 2011 20:15:57 +0530
- To: Jonathan Rees <jar@creativecommons.org>
- Cc: www-tag@w3.org
Hi Jonathan, On Fri, Aug 12, 2011 at 8:41 PM, Jonathan Rees <jar@creativecommons.org> wrote: > How does this work? I.e. what are browser instances doing that leaks > their identity to servers? Is it just a lucky guess based on > User-agent or something? I believe, that the "User-Agent" HTTP request header field is a reliable way for a server to know, that with which user agent (usually a web browser) it is sending response to. Here's an excerpt from the document http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html, which explains this, <quote> 14.43 User-Agent The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. The field can contain multiple product tokens (section 3.8) and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application. User-Agent = "User-Agent" ":" 1*( product | comment ) Example: User-Agent: CERN-LineMode/2.15 libwww/2.17b3 </quote> I think nearly every web browser sends this field (and it's value) to the web server, it is sending a request to. -- Regards, Mukul Gandhi
Received on Sunday, 14 August 2011 14:46:44 UTC