Can $ _SERVER ['HTTP_USER_AGENT'] contain a "+" character?
I was wondering if it could $_SERVER['HTTP_USER_AGENT']
output user agents with a +
a space instead. I can see there are many votes in my site's voting system using in user agent plus, for example:
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:33.0)+Gecko/20100101+Firefox/33.0 Mozilla/5.0+(Windows+NT+5.1;+U;+en)+Presto/2.10+Version/11.60
I suspect this is some kind of cheating software that cheats user agents but does it wrong. Is this true, or do user agents really look like this?
source to share
You can already see that the user agent headers might look like this because they look like this;) However, a real Mozilla browser won't replace spaces with +
. You can rest assured that this is not a Mozilla browser.
But what does the HTTP standard say ?
The User-Agent Request-Agent header field contains information about the user agent initiating the request. This is done for statistical purposes, tracking protocol violations, and automatically recognizing user agents to tailor responses to avoid the constraints of a specific user agent. User agents MUST include this field with requests. The field can contain multiple product tokens (section 3.8) and comments identifying the agent and any by-products that make up a significant portion of the user agent. By convention, product tokens are listed in order of importance to identify the application.
Let's look at section 3.8.
Product icons are used to allow applications to communicate themselves by software name and version. Most of the fields that use product markers also allow for the listing of by-products that make up a significant part of the application , separated by a space . By convention, the products are listed in order of importance for the identification of the application.
First, the standard defines it as SHOULD
which is sent by the client, which means it is optional. On the other hand, section 3.8 proposes the use of spaces to delimit individual functions. But nothing is really standardized. The version number probably looks like CoolBrowser2+
. Comments are also allowed.
source to share
The standard format for HTTP_USER_AGENT
and for other data passed through $_SERVER
is usually a series of words separated by a character
that is %20
URLencoded. Anyway, this is a STANDARD, a kind of convention, user_agent is just a kind of informative text, not code or language: nevertheless, all "regular" browsers will send a request HTTP_USER_AGENT
that conforms to the standard. If you see this in a weird format, someone might be experimenting with your spending on your site ...
source to share