Geek Answers Handbook

Is the absence of a user agent in an HTTP request valid?

We noticed that from time to time we receive an HTTP request without a valid User-Agent string. Is there any real real case for accepting this type of HTTP request?

i.e. Why don't we block the entire IP address from which this type of request is received?

UPDATE My intention with the phrase "real world" was to indicate that I am not asking about what technically can or cannot happen. Obviously, it can send HTTP requests without any headers. I am wondering what the โ€œrealโ€ case is that you could resolve for this type of HTTP request on your server.

+12
source share
2 answers

I assume that many people use HTTP requests without a User-Agent, mainly when they use the API to execute the request.

+10
source

As indicated in RFC 7231 (but almost the same paragraph can be found in RFC2616 ):

5.5.3 User-Agent

The User Agent header field contains information about the user agent initiating the request, which is often used by servers to determine the extent of reported compatibility problems, to manage or adapt responses to avoid certain restrictions of the user agent, as well as analytics regarding the use of the browser or operating system . The user agent MUST send the User-Agent field in each request, unless specifically configured for this.

The keyword here SHOULD. And yes, there is an RFC that defines what this word should mean, RFC 2119 :

  • SHOULD This word or the adjective โ€œRECOMMENDEDโ€ means that there may be reasonable reasons in certain circumstances to ignore a specific item, but all the consequences should be understood and carefully weighed before choosing a different course.

So, although agents that do not send User-Agents do not follow what might be considered best practice, they do not violate any rule (rfc). Thus, in my opinion, there really is no real technical reason to block them.

+12
source

More articles:


All Articles