The User Agent problem

About 25 years ago, Mosaic was the main web browser by that time, and they had an idea: including a header in all requests with the browser version. This way, every time a server would receive a request, they would be abl to know what exact browser version was being used on the other side.

User-Agent: NCSA_Mosaic/2.0 (Windows 3.1)

At the beginning it wasn't used too much, However, another browser called Netscape made it popular shortly after. Since the functionalities of both browsers were different, some servers started using this header to determine how to reply to the user requests.

User-Agent: Mozilla/1.0N (Windows)

Instead of using its own name, this Firefox predecessor used the name of their mascot: Mozilla, an abbreviature of Mosaic-killer. But this was just the beginning of the chaos. Other browsers like Internet Explorer used the name of Mozilla to let browsers know they were compatible with that same set of capabilities.

User-Agent: Mozilla/2.0 (compatible; MSIE 3.02; Windows 95)

And this kept growing. Some browsers like Opera let the user choose which browser they should impersonate with a selector. The servers were more confused by the day and knowing who was at the other side was becoming pretty difficult.

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en)
User-Agent: Mozilla/5.0 (Windows NT 6.0; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0
User-Agent: Opera/9.51 (Windows NT 5.1; U; en)

Currently, browsers use an User-Agent that is not related to their name at all. Some servers have to use gigantic databases to detect the current browser based on this header, thus serving the most compatible website. For instance, your User-Agent is:

Unknown

This is why the modern tools used to ensure compatibility such as Modernizr or Polyfill.io are no longer trusting the User-Agent. Instead, they make small tests over the browser to understand its capabilities. This technique is called feature detection.

The existence of millions of different User-Agent headers have also facilitated browser fingerprinting: a set of methods that combine this header with other browser hints to uniquely identify you even when connecting behind a proxy, in an incognito window and with a fake moustache.

Even though this header was born with a good purpose, the time have made it something different. Which is why Chrome have announced that they are going to stop supporting it and other browsers like Firefox are supporting this decision. But, what does that mean in practice?

A week ago I installed a Chrome plugin called User-Agent Switcher and Manager and let this header empty, to see how the sites that I usually visit reply to it. This is a showcase of the results I found.

As you can see, we're not yet ready for a change like this, and probably many sites will never be. Luckily, Chrome is going to apply this change gradually, starting by not updating this header anymore. Farewell, User Agent!

Comentarios

Gall Reply
Suerte que Google hagan un freeze del User-Agent y no un remove... las páginas se ven muy mal

Leave a comment

Get a mail
4d8cd43bbbfbbd2b7aed08d9a2b0ef251cebfd3e2603b74b710a2d38b7f8ec39