W3C home > Mailing lists > Public > www-tag@w3.org > August 2011

Re: how does host B know that its visitor is the one that visited host A?

From: Mukul Gandhi <gandhi.mukul@gmail.com>
Date: Sun, 14 Aug 2011 20:15:57 +0530
Message-ID: <CABuuzNNoNypa44FEDa9MSckj31fpDVfDPeBg+Hg5FneADT82qQ@mail.gmail.com>
To: Jonathan Rees <jar@creativecommons.org>
Cc: www-tag@w3.org
Hi Jonathan,

On Fri, Aug 12, 2011 at 8:41 PM, Jonathan Rees <jar@creativecommons.org> wrote:
> How does this work? I.e. what are browser instances doing that leaks
> their identity to servers? Is it just a lucky guess based on
> User-agent or something?

I believe, that the "User-Agent" HTTP request header field is a
reliable way for a server to know, that with which user agent (usually
a web browser) it is sending response to.

Here's an excerpt from the document
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html, which explains


14.43 User-Agent

The User-Agent request-header field contains information about the
user agent originating the request. This is for statistical purposes,
the tracing of protocol violations, and automated recognition of user
agents for the sake of tailoring responses to avoid particular user
agent limitations. User agents SHOULD include this field with
requests. The field can contain multiple product tokens (section 3.8)
and comments identifying the agent and any subproducts which form a
significant part of the user agent. By convention, the product tokens
are listed in order of their significance for identifying the

       User-Agent     = "User-Agent" ":" 1*( product | comment )


       User-Agent: CERN-LineMode/2.15 libwww/2.17b3


I think nearly every web browser sends this field (and it's value) to
the web server, it is sending a request to.

Mukul Gandhi
Received on Sunday, 14 August 2011 14:46:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:40 UTC