Changeset 1032 for draft-ietf-httpbis/latest/p2-semantics.xml
- Timestamp: 19/10/10 05:47:51 (10 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p2-semantics.xml
r1030 r1032 2284 2284 <x:anchor-alias value="User-Agent"/> 2285 2285 <x:anchor-alias value="User-Agent-v"/> 2286 <t> 2287 The "User-Agent" request-header field contains information about the 2288 user agent originating the request. This is for statistical purposes, 2289 the tracing of protocol violations, and automated recognition of user 2290 agents for the sake of tailoring responses to avoid particular user 2291 agent limitations. 2292 </t> 2293 <t> 2294 User agents &SHOULD; include this field with requests. The field can contain 2295 multiple product tokens (&product-tokens;) and comments (&header-fields;) 2296 identifying the agent and any subproducts which form a significant part of 2297 the user agent. By convention, the product tokens are listed in order of 2298 their significance for identifying the application. 2299 </t> 2286 2287 <t>The "User-Agent" request-header field contains information about the user 2288 agent originating the request. User agents &SHOULD; include this field with 2289 requests.</t> 2290 2291 <t>Typically, it is used for statistical purposes, the tracing of protocol 2292 violations, and tailoring responses to avoid particular user agent 2293 limitations.</t> 2294 2295 <t>The field can contain multiple product tokens (&product-tokens;) 2296 and comments (&header-fields;) identifying the agent and its 2297 significant subproducts. By convention, the product tokens are listed in 2298 order of their significance for identifying the application.</t> 2299 2300 <t>Because this field is usually sent on every request a user agent makes, 2301 implementations are encouraged not to include needlessly fine-grained 2302 detail, and to limit (or even prohibit) the addition of subproducts by third 2303 parties. 
Overly long and detailed User-Agent field values make requests 2304 larger and can also be used to identify ("fingerprint") the user against 2305 their wishes.</t> 2306 2307 <t>Likewise, implementations are encouraged not to use the product tokens of 2308 other implementations in order to declare compatibility with them, as this 2309 circumvents the purpose of the field. Finally, they are encouraged not to 2310 use comments to identify products; doing so makes the field value more 2311 difficult to parse.</t> 2312 2300 2313 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="User-Agent"/><iref primary="true" item="Grammar" subitem="User-Agent-v"/> 2301 2314 <x:ref>User-Agent</x:ref> = "User-Agent" ":" <x:ref>OWS</x:ref> <x:ref>User-Agent-v</x:ref> … … 2704 2717 Referer information. 2705 2718 </t> 2706 <t> 2707 The User-Agent (<xref target="header.user-agent"/>) or Server (<xref target="header.server"/>) header 2708 fields can sometimes be used to determine that a specific client or 2709 server have a particular security hole which might be exploited. 2710 Unfortunately, this same information is often used for other valuable 2711 purposes for which HTTP currently has no better mechanism. 2712 </t> 2719 2720 <t>The User-Agent (<xref target="header.user-agent"/>) or Server (<xref 2721 target="header.server"/>) header fields can sometimes be used to determine 2722 that a specific client or server have a particular security hole which might 2723 be exploited. Unfortunately, this same information is often used for other 2724 valuable purposes for which HTTP currently has no better mechanism.</t> 2725 2726 <t>Furthermore, the User-Agent header field may contain enough entropy to be 2727 used, possibly in conjunction with other material, to uniquely identify the 2728 user.</t> 2729 2713 2730 <t> 2714 2731 Some methods, like TRACE (<xref target="TRACE"/>), expose information
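Review bot: In the first hunk, the new paragraphs at 2300-2311 give their privacy and parsing guidance only as "implementations are encouraged not to", while the sentence at 2288 in the same section uses &SHOULD;. It is unclear whether the advice against fine-grained detail, against borrowing other implementations' product tokens, and against identifying products in comments is meant to be normative. Either use the requirement-level entities the document already has or state that this is advisory. The phrase "limit (or even prohibit) the addition of subproducts by third parties" also does not say which party is expected to enforce the limit; naming the user agent implementation as the one that controls what extensions may append would make it actionable. Since the fingerprinting rationale appears here at 2303-2305 and again in the paragraph the second hunk adds at 2726-2728, a cross-reference between the two would keep them from drifting apart.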
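Review bot: In the second hunk, the added paragraph at 2726-2728 says the User-Agent header field "may contain enough entropy", and a lowercase "may" in a document that uses requirement keywords elsewhere can be read as a permission; "can" or "might" avoids that. The paragraph also names the identification risk without pointing to the mitigation: the preceding paragraph carries an xref to header.user-agent, and this one would benefit from the same reference so readers reach the guidance on limiting detail and third-party subproducts. While the paragraph at 2720-2724 is being reflowed, "a specific client or server have a particular security hole" could be corrected to "has".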