Overview#

User-agent is typically, but not always, a WEB Browser.

User-agent is (a software agent) that is acting on behalf of a user. For example, an email reader is a mail User-agent, and in the Session Initiation Protocol SIP, the term User-agent refers to both end points of a communications session.

User-agent request-header[2]#

The User-agent request-header field contains information about the User-agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. The field can contain multiple product tokens and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application.

User-Agent     = "User-Agent" ":" 1*( product | comment )

Example:

User-Agent: CERN-LineMode/2.15 libwww/2.17b3

More Information#

There might be more information for this subject on one of the following:

• Application Shell Architecture
• Authentication cookie
• Authorization Code
• Authorization Code Flow
• Authorization Header
• Authorization Request
• Authorization Response
• Authorization_endpoint
• Back-channel Communication
• Browser
• Browser-view
• CSRF Token
• Cache-Control
• Certificate Pinning
• Certificate Validation
• Certificate-based Authentication
• CertificateVerify
• Certificate_list
• ClientKeyExchange
• Content-Language
• Content-Security-Policy
• Cookie
• Covert Redirect Vulnerability
• Cross Origin Resource Sharing
• Cross-site request forgery
• Cross-site scripting
• Derive the Master Secret
• Device Flow
• Display Parameter
• Embedded user-agent
• EncryptedPreMasterSecret
• External User-Agent
• Firefox
• Form Post Response Mode
• Grant Types
• HTTP 301
• HTTP 302
• HTTP 407
• HTTP Request
• HTTP Status Code
• HTTP Strict Transport Security
• Hybrid Flow
• Hypertext
• Hypertext Transfer Protocol
• Identity Token
• Implicit Flow
• Implicit Grant
• JWT Authentication
• Malicious PAC
• OAuth
• OAuth 2.0 Device Profile
• OAuth 2.0 JWT Secured Authorization Request
• OAuth 2.0 Profiles
• OAuth 2.0 Security Best Current Practice
• OAuth 2.0 Vulnerabilities
• OAuth 2.0 for Native Apps
• OAuth Error
• OCSP Stapling
• OpenID Connect
• OpenID Connect Back-Channel Logout
• OpenID Connect Front-Channel Logout
• OpenID Connect Session Management
• Premaster Secret
• Prohibiting RC4 Cipher Suites
• Proxy
• Proxy Auto-Config
• Proxy Server
• Public Key Infrastructure Weaknesses
• Public Key Pinning Extension for HTTP
• Response_type
• Retry-After
• ServerCertificate
• ServerKeyExchange
• Session Management
• Single-Page Application
• Software as a Service
• Strict-Transport-Security
• System browser
• TLS Fallback Signaling Cipher Suite Value (SCSV)
• TLS Session Resumption
• Token Binding Protocol
• Token Storage
• U-Prove
• W3C Credential Management API
• W3C WebAuthn
• Web Linking
• Web Proxy Auto-Discovery Protocol

---

• [#1] - User Agent - based on data observed:2015-05-18
• [#2] - Hypertext Transfer Protocol -- HTTP/1.1 - based on data observed:2015-05-18