- From: Mukul Gandhi <gandhi.mukul@gmail.com>
- Date: Sun, 14 Aug 2011 20:15:57 +0530
- To: Jonathan Rees <jar@creativecommons.org>
- Cc: www-tag@w3.org
Hi Jonathan,
On Fri, Aug 12, 2011 at 8:41 PM, Jonathan Rees <jar@creativecommons.org> wrote:
> How does this work? I.e. what are browser instances doing that leaks
> their identity to servers? Is it just a lucky guess based on
> User-agent or something?
I believe, that the "User-Agent" HTTP request header field is a
reliable way for a server to know, that with which user agent (usually
a web browser) it is sending response to.
Here's an excerpt from the document
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html, which explains
this,
<quote>
14.43 User-Agent
The User-Agent request-header field contains information about the
user agent originating the request. This is for statistical purposes,
the tracing of protocol violations, and automated recognition of user
agents for the sake of tailoring responses to avoid particular user
agent limitations. User agents SHOULD include this field with
requests. The field can contain multiple product tokens (section 3.8)
and comments identifying the agent and any subproducts which form a
significant part of the user agent. By convention, the product tokens
are listed in order of their significance for identifying the
application.
User-Agent = "User-Agent" ":" 1*( product | comment )
Example:
User-Agent: CERN-LineMode/2.15 libwww/2.17b3
</quote>
I think nearly every web browser sends this field (and it's value) to
the web server, it is sending a request to.
--
Regards,
Mukul Gandhi
Received on Sunday, 14 August 2011 14:46:44 UTC