User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-au) AppleWebKit/533.16 (KHTML, like Gecko) Version/5.0 Safari/533.16 Build Identifier: As many have noted, IE9 has dramatically shortened their UA string: http://blogs.msdn.com/b/ie/archive/2010/03/23/introducing-ie9-s-user-agent-string.aspx Since this will break the worst UA sniffing offenders, it's a great opportunity for Mozilla to also clean up its UA string. AIUI most of the arguments against cleaning up the UA string are that it will break sniffing libraries... FF 3.6.6 currently sends (on OSX): Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-GB; rv:126.96.36.199) Gecko/20100625 Firefox/3.6.6 The new IE UA string is something like: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) A few points for discussion: * The UA isn't a good place for the UI language; Accept-Language is more appropriate (bug 55366). * Including the chipset and OS version reveals too much information and wastes space (bug 57555). * Is the rv parameter repeating information available (in a different form) in the Gecko product token? * What's the additional information added in "Macintosh" over "Mac OS X"? * The IE team now don't allow third parties to modify or add to their UA string. Should a simliar policy be considered here? I'm also going to open a discussion of what meaningful text can be added to HTTPbis to improve guidance for implementers, suggestions welcome. Reproducible: Always
Bug 572650 is the modern tracking bug covering theses points now, so I think it's best to dupe this there and file separate bugs for each point as needed. A bit of this is already covered elsewhere. (In reply to comment #0) > * The UA isn't a good place for the UI language; Accept-Language is more > appropriate (bug 55366). -> bug 572656 > * Including the chipset and OS version reveals too much information and > wastes space (bug 57555). On uncommon occasions it might be valid to need to know it, but there are arguments for and against. (I don't personally have an opinion on either) > * Is the rv parameter repeating information available (in a different form) > in the Gecko product token? -> bug 572661 > * What's the additional information added in "Macintosh" over "Mac OS X"? Once upon a time, I think there was less info in the second part, thus necessitating the first. Now, I do agree it's largely redundant and duplicating and repetitive. It's even more odd looking now that the intermediary "U;" is going away per bug 572668. > * The IE team now don't allow third parties to modify or add to their UA > string. Should a simliar policy be considered here? Dear god yes. I'd suggest filing a single bug for that though and cite MS' statement of that. (and ironically, MS is a common culprit here) One hic-up in attempting to do that here is that we'd still want the user to be able to modify things, so one way or another it'd be hard to enforce. See bug 566434 for a more conservative tactic.
No longer blocks: 71569
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: http-fingerprint
You need to log in before you can comment on or make changes to this bug.