The Problem Of Long Web Browser User-Agent Strings

Every web browser sends, on every request, a user-agent request HTTP header to the server.

If you are curious about how Internet Explorer’s user-agent string is form, read this article.

This information is used by server software to identify the web browser the user is using and its capabilities and determine if it’s enough for use in this web site or to perform differentiate rendering.

In the past there have been several reports of user-agent string buffer overrun attacks and some web servers and firewalls have chosen to block access to requests that have a user-agent string over some length.

The problem that arrives now is that, due to other software installed in the user’s system, the user-agent string has been growing past the limit allowed by some web servers and firewalls.

As an example, my web browser’s user-agent string, at this moment, is:

Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; WOW64; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.21022; .NET CLR 3.5.30729; .NET CLR 3.0.30618; Zune 3.0; OfficeLiveConnector.1.3; OfficeLivePatch.1.3; MS-RTC LM 8; SPC 3.1 P1 Ta)

With a user-agent string like this (275 characters long) I’ve been locked out of sever sites.