Patrick Pelletier [2013-09-13T15:18]: > encourage browsers not to send User-Agent at all.
It will not happen. This simple decision would break most of the Web. (Unfortunately). My daily work is to fight against bad user agent detection. It's so deep rooted in the Web infrastructure that even simplifying it takes a lot of energy. Today I was going through the stats of a very high traffic web sites that shared with me the list of all unique UA strings they collected on 1 week. cat access-ua-log-7days.txt | wc -l 386 844 Yes… each of these are different. Some of them are just the usual one, such as "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0" with million of occurences From looking at the file I have, there are things which can be improved though, some nasty things are done with some of the UA strings. With two areas worse than others: * IE products such as 3rd party toolbars modifying the UA with a unique ID per user. * some Mobile products with unique ID (most of the time put by Operators) The spec could forbid it, but I guess it would be more a question of legal matter. Operators are sometimes using these unique ID for services. btw it's not only User-Agent, there are secondary things such as X-Original-User-Agent X-Device-User-Agent Device-Stock-UA X-OperaMini-Phone-UA -- Karl Dubost http://www.la-grange.net/karl/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
