Jump to content

User-Agent header

Page protected with pending changes
From Wikipedia, the free encyclopedia
(Redirected fromUser-agent)
Not to be confused with the concept of auser agent.

Incomputing,theUser-Agent headeris anHTTPheader intended to identify theuser agentresponsible for making a given HTTP request. Whereas the character sequenceUser-Agentcomprises the name of the header itself, the header value that a given user agent uses to identify itself is colloquially known as itsuser agent string.The user agent for the operator of a computer used to access the Web has encoded within the rules that govern its behavior the knowledge of how to negotiate its half of a request-response transaction; the user agent thus plays the role of theclientin aclient–server system.Often considered useful in networks is the ability to identify and distinguish the software facilitating a network session. For this reason, the User-Agent HTTP header exists to identify the client software to the responding server.

Use in client requests[edit]

When a software agent operates in a network protocol, it often identifies itself, its application type,operating system,device model, software vendor, or software revision, by submitting a characteristic identificationstringto its operating peer. In HTTP,[1]SIP,[2]and NNTP[3]protocols, this identification is transmitted in a header fieldUser-Agent.Bots,such as Web crawlers, often also include aURLand/ore-mail addressso that theWebmastercan contact the operator of the bot.

In HTTP, the "user agent string" is often used forcontent negotiation,where the origin server selects suitable content or operating parameters for the response. For example, the user agent string might be used by a web server to choose variants based on the known capabilities of a particular version of client software. The concept of content tailoring is built into the HTTP standard inRFC 1945"for the sake of tailoring responses to avoid particular user agent limitations".

The user agent string is one of the criteria by which Web crawlers may be excluded from accessing certain parts of a website using theRobots Exclusion Standard(robots.txtfile).

As with many other HTTP request headers, the information in the user agent string contributes to the information that the client sends to the server, since the string can vary considerably from user to user.[4]

Format for human-operated web browsers[edit]

The user agent string format is currently specified by section 10.1.5 ofHTTP Semantics.The format of the user agent string in HTTP is a list of product tokens (keywords) with optional comments. For example, if a user's product were called WikiBrowser, their user agent string might beWikiBrowser/1.0 Gecko/1.0.The "most important" product component is listed first.

The parts of this string are as follows:

  • product name and version (WikiBrowser/1.0)
  • layout engine and version (Gecko/1.0)

During the firstbrowser war,many web servers were configured to send web pages that required advanced features, includingframes,to clients that were identified as some version ofMozillaonly.[5]Other browsers were considered to be older products such asMosaic,Cello,orSamba,and would be sent a bare bones HTML document.

For this reason, most Web browsers use a user agent string value as follows:

Mozilla/[version] ([system and browser information]) [platform] ([platform details]) [extensions]

For example, Safari on the iPad has used the following: 

Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405

The components of this string are as follows:

  • Mozilla/5.0:Previously used to indicate compatibility with the Mozilla rendering engine.
  • (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us):Details of the system in which the browser is running.
  • AppleWebKit/531.21.10:The platform the browser uses.
  • (KHTML, like Gecko):Browser platform details.
  • Mobile/7B405:This is used by the browser to indicate specific enhancements that are available directly in the browser or through third parties. An example of this is Microsoft Live Meeting which registers an extension so that the Live Meeting service knows if the software is already installed, which means it can provide a streamlined experience to joining meetings.

Before migrating to theChromiumcode base,Operawas the most widely used web browser that did not have the user agent string with "Mozilla" (instead beginning it with "Opera" ). Since July 15, 2013,[6]Opera's user agent string begins with "Mozilla/5.0" and, to avoid encountering legacy server rules, no longer includes the word "Opera" (instead using the string "OPR" to denote the Opera version).

Format for automated agents (bots)[edit]

Automated web crawling tools can use a simplified form, where an important field is contact information in case of problems. By convention the word "bot" is included in the name of the agent. For example: 

Googlebot/2.1 (+http:// google /bot.html)

Automated agents are expected to follow rules in a special file called "robots.txt".

Encryption strength notations[edit]

Web browsers created in the United States, such asNetscape NavigatorandInternet Explorer,previously used the letters U, I, and N to specify theencryptionstrength in the user agent string. Until 1996, when the United States government allowed encryption with keys longer than 40 bits to be exported, vendors shipped various browser versions with different encryption strengths. "U" stands for "USA" (for the version with 128-bit encryption), "I" stands for "International" – the browser has 40-bit encryption and can be used anywhere in the world – and "N" stands (de facto) for "None" (no encryption).[7]Following the lifting ofexport restrictions,most vendors supported 256-bit encryption.

User agent spoofing[edit]

The popularity of various Web browser products has varied throughout the Web's history, and this has influenced the design of websites in such a way that websites are sometimes designed to work well only with particular browsers, rather than according to uniform standards by theWorld Wide Web Consortium(W3C) or theInternet Engineering Task Force(IETF). Websites often include code to detect browser version to adjust the page design sent according to the user agent string received. This may mean that less-popular browsers are not sent complex content (even though they might be able to deal with it correctly) or, in extreme cases, refused all content.[8]Thus, various browsers have a feature tocloakorspooftheir identification to force certain server-side content. For example, the Android browser identifies itself asSafari(among other things) in order to aid compatibility.[9][10]

Other HTTP client programs, likedownload managersandoffline browsers,often have the ability to change the user agent string.

A result of user agent spoofing may be that collectedstatistics of Web browser usageare inaccurate.

User agent sniffing[edit]

Main article:Browser sniffing

User agent sniffingis the practice of websites showing different or adjusted content when viewed with certain user agents. An example of this isMicrosoft Exchange Server2003's Outlook Web Access feature. When viewed with Internet Explorer 6 or newer, more functionality is displayed compared to the same page in any other browsers. User agent sniffing is considered poor practice, since it encourages browser-specific design and penalizes new browsers with unrecognized user agent identifications. Instead, the W3C recommends creating standard HTML markup,[11]allowing correct rendering in as many browsers as possible, and to test for specific browser features rather than particular browser versions or brands.[12]

Websites intended for display by mobile phones often rely on user agent sniffing, sincemobile browsersoften differ greatly from each other.

Deprecation of User-Agent header[edit]

Main article:HTTP Client Hints

In 2020,Googleannounced that they would be freezing parts of the User-Agent header in theirChromebrowser as it's no longer required for determining browser capabilities and instead mainly used forbrowser fingerprinting.They stated that other major web browser vendors were supportive of the move.[13]Google stated that a new feature calledClient Hintswould replace the functionality of the user agent string.[14]

Starting with Chrome 113, released in April 2023, User-Agent header stays the same except for the major version part.[15]

Browser misidentification[edit]

Starting withFirefox110 released in February 2023,[16]Mozillaannounced it would temporarily freeze portions of the browser's user agent string at version 109. This was done due to several websites incorrectly recognizing a development version of the browser (which identified itself by the stringMozilla/5.0 (Windows NT 10.0; Win64;rv:110.0) Gecko/20100101 Firefox/110.0)[17]as thedeprecatedInternet Explorer 11(which reportsMozilla/5.0 (Windows NT 10.0; Trident/7.0;rv:11.0) like Gecko).[18]The problem will self-correct after the release of Firefox 120, as only browsers identifying themselves as 110 through 119 were observed to be affected by it.[19]

See also[edit]

References[edit]

  1. ^"RFC-9110: HTTP Semantics".IETF.Retrieved28 July2022.
  2. ^RFC 3261,SIP: Session Initiation Protocol,IETF, The Internet Society (2002)
  3. ^Netnews Article Format.IETF.November 2009. sec. 3.2.13.doi:10.17487/RFC5536.RFC5536.
  4. ^Eckersley, Peter (27 January 2010)."Browser Versions Carry 10.5 Bits of Identifying Information on Average".Electronic Frontier Foundation.Retrieved25 August2011.
  5. ^History of the browser user-agent string.WebAIM.
  6. ^"Opera User Agent Strings: Opera 15 and Beyond".dev.opera. 15 July 2013.Retrieved2014-05-05.
  7. ^Zawinski, Jamie (28 March 1998)."user-agent strings (obsolete)".mozilla.org.Retrieved2010-01-08.
  8. ^Burstein complaining "... I've been rejected until I come back with Netscape"
  9. ^"Android Browser Reports Itself as Apple Safari".Archived fromthe originalon August 6, 2011.RetrievedAugust 9,2011.
  10. ^"User Agent String explained: Android Webkit Browser".UserAgentString. Archived fromthe originalon 4 May 2012.Retrieved29 July2012.Mozilla/5.0 (Linux; U; Android 2.2; en-sa; HTC_DesireHD_A9191 Build/FRF91) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
  11. ^Pemberton, Stephen."W3C Markup Validation Service".W3C.Retrieved2011-10-18.
  12. ^Clary, Bob (10 February 2003)."Browser Detection and Cross Browser Support".Mozilla Developer Center.Mozilla.Archived fromthe originalon 2011-11-17.Retrieved2009-05-30.
  13. ^"Chrome Phasing out Support for User Agent".InfoQ.Retrieved2020-03-25.
  14. ^Cimpanu, Catalin."Google to phase out user-agent strings in Chrome".ZDNet.Retrieved2020-03-25.
  15. ^"User-Agent Reduction".chromium.org.Retrieved2023-07-13.
  16. ^"Firefox Release Notes".mozilla.org.Retrieved8 April2023.
  17. ^"bestbuy - Firefox is an unsupported browser".github.Retrieved8 April2023.
  18. ^Schubert, Dennis."Freeze 'rv:' segment in the User Agent string to 'rv:109.0' to avoid erroneous IE11 detection".bugzilla.mozilla.org.Retrieved8 April2023.
  19. ^Peterson, Chris."Remove the frozen 'rv:109.0' IE11 UA workaround after Firefox reaches version 120 (desktop and Android)".bugzilla.mozilla.org.Retrieved8 April2023.
Retrieved from "https://en.wikipedia.org/w/index.php?title=User-Agent_header&oldid=1196194515"