Changeset 1036 for draft-ietf-httpbis/latest/p2-semantics.xml
- Timestamp: 19/10/10 09:32:23 (10 years ago)
- File: 1 edited
draft-ietf-httpbis/latest/p2-semantics.xml
r1035 r1036 2344 2344 <x:anchor-alias value="User-Agent"/> 2345 2345 <x:anchor-alias value="User-Agent-v"/> 2346 2347 <t>The "User-Agent" request-header field contains information about the user 2348 agent originating the request. User agents &SHOULD; include this field with 2349 requests.</t> 2350 2351 <t>Typically, it is used for statistical purposes, the tracing of protocol 2352 violations, and tailoring responses to avoid particular user agent 2353 limitations.</t> 2354 2355 <t>The field can contain multiple product tokens (&product-tokens;) 2356 and comments (&header-fields;) identifying the agent and its 2357 significant subproducts. By convention, the product tokens are listed in 2358 order of their significance for identifying the application.</t> 2359 2360 <t>Because this field is usually sent on every request a user agent makes, 2361 implementations are encouraged not to include needlessly fine-grained 2362 detail, and to limit (or even prohibit) the addition of subproducts by third 2363 parties. Overly long and detailed User-Agent field values make requests 2364 larger and can also be used to identify ("fingerprint") the user against 2365 their wishes.</t> 2366 2367 <t>Likewise, implementations are encouraged not to use the product tokens of 2368 other implementations in order to declare compatibility with them, as this 2369 circumvents the purpose of the field. Finally, they are encouraged not to 2370 use comments to identify products; doing so makes the field value more 2371 difficult to parse.</t> 2372 2346 <t> 2347 The "User-Agent" request-header field contains information about the user 2348 agent originating the request. User agents &SHOULD; include this field with 2349 requests. 2350 </t> 2351 <t> 2352 Typically, it is used for statistical purposes, the tracing of protocol 2353 violations, and tailoring responses to avoid particular user agent 2354 limitations. 
2355 </t> 2356 <t> 2357 The field can contain multiple product tokens (&product-tokens;) 2358 and comments (&header-fields;) identifying the agent and its 2359 significant subproducts. By convention, the product tokens are listed in 2360 order of their significance for identifying the application. 2361 </t> 2362 <t> 2363 Because this field is usually sent on every request a user agent makes, 2364 implementations are encouraged not to include needlessly fine-grained 2365 detail, and to limit (or even prohibit) the addition of subproducts by third 2366 parties. Overly long and detailed User-Agent field values make requests 2367 larger and can also be used to identify ("fingerprint") the user against 2368 their wishes. 2369 </t> 2370 <t> 2371 Likewise, implementations are encouraged not to use the product tokens of 2372 other implementations in order to declare compatibility with them, as this 2373 circumvents the purpose of the field. Finally, they are encouraged not to 2374 use comments to identify products; doing so makes the field value more 2375 difficult to parse. 2376 </t> 2373 2377 <figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="User-Agent"/><iref primary="true" item="Grammar" subitem="User-Agent-v"/> 2374 2378 <x:ref>User-Agent</x:ref> = "User-Agent" ":" <x:ref>OWS</x:ref> <x:ref>User-Agent-v</x:ref> … … 2777 2781 Referer information. 2778 2782 </t> 2779 2780 <t>The User-Agent (<xref target="header.user-agent"/>) or Server (<xref 2781 target="header.server"/>) header fields can sometimes be used to determine 2782 that a specific client or server have a particular security hole which might 2783 be exploited. 
Unfortunately, this same information is often used for other 2784 valuable purposes for which HTTP currently has no better mechanism.</t> 2785 2786 <t>Furthermore, the User-Agent header field may contain enough entropy to be 2787 used, possibly in conjunction with other material, to uniquely identify the 2788 user.</t> 2789 2783 <t> 2784 The User-Agent (<xref target="header.user-agent"/>) or Server (<xref 2785 target="header.server"/>) header fields can sometimes be used to determine 2786 that a specific client or server have a particular security hole which might 2787 be exploited. Unfortunately, this same information is often used for other 2788 valuable purposes for which HTTP currently has no better mechanism. 2789 </t> 2790 <t> 2791 Furthermore, the User-Agent header field may contain enough entropy to be 2792 used, possibly in conjunction with other material, to uniquely identify the 2793 user. 2794 </t> 2790 2795 <t> 2791 2796 Some methods, like TRACE (<xref target="TRACE"/>), expose information … … 3873 3878 <section title="Since draft-ietf-httpbis-p2-semantics-11" anchor="changes.since.11"> 3874 3879 <t> 3875 None yet. 3880 Closed issues: 3881 <list style="symbols"> 3882 <t> 3883 <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/232"/>: 3884 "User-Agent guidelines" (relating to the 'User-Agent' header field) 3885 </t> 3886 </list> 3876 3887 </t> 3877 3888 </section>
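Review bot: the User-Agent paragraph at new lines 2362-2369 warns that detailed field values can be used to identify ("fingerprint") the user, but it has no cross-reference to the security considerations text that makes the same point at new lines 2790-2794 ("may contain enough entropy to be used ... to uniquely identify the user"). The security considerations already link back to this section through <xref target="header.user-agent"/>; an xref in the forward direction would let readers of the field definition find the privacy discussion. The removed and added text in this hunk is otherwise word-for-word identical and only the <t> tag placement changes, which is worth stating in the commit message.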
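Review bot: in the security considerations hunk, new lines 2785-2786 read "that a specific client or server have a particular security hole"; the subject is singular, so "have" should be "has", and the re-wrap carries the error over unchanged. In the following paragraph (new line 2791), lowercase "may contain enough entropy" sits in a document that writes requirement keywords as entities such as &SHOULD;, so "might" or "can" would avoid any reading of it as a normative MAY.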
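Review bot: the changes.since.11 entry at new lines 3880-3886 records ticket 232 ("User-Agent guidelines") as closed, but the other visible hunks of this changeset only move <t> tags onto their own lines and leave the User-Agent wording as it was. Someone following the changelog to this changeset will not find the text that resolved the issue here; consider naming, in the commit message or on the ticket, the changeset that introduced the guidance.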