Client and Server Identification
Clients and servers can optionally identify themselves. Clients send a User-Agent header and servers send the Server header. Even though these headers are optional, the protocol specification encourages their use. Some benefits are:
Servers can respond with customized content for a particular client. Such customized content may work around a bug in a particular version of a browser, or may make use of advanced features in more modern browsers when possible.
Surveys and statistics collections of browser and server deployment.
Tracking of client or server software that violates the HTTP specification.
However, when a server identifies itself, there is some security risk, given that a user now knows the type of server and may be able to apply security exploits for a known vulnerability on a particular version of the server software. In light of this, some web servers are configured to not display the Server header.
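As an added example (not from the book), this Python script audits response heads captured from your own server and reports how much the Server header discloses: nothing, a product name only, or a product with its version. The sample responses and the product names ExampleHTTPd and ExampleSSL are constructed, and comment parsing is simplified to non-nested parentheses.

```python
import re

# Token characters per RFC 9110, used for product names and versions.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT = re.compile(rf"({TOKEN})(?:/({TOKEN}))?")
COMMENT = re.compile(r"\([^()]*\)")  # simplification: non-nested comments only

# Constructed sample response heads (not captured from any real server).
SAMPLES = {
    "verbose": "HTTP/1.1 200 OK\r\nServer: ExampleHTTPd/2.4.1 (Unix) ExampleSSL/1.0.2\r\n"
               "Content-Type: text/html\r\n\r\n",
    "minimal": "HTTP/1.1 200 OK\r\nserver: ExampleHTTPd\r\n\r\n",
    "hidden": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nServer: in-body text",
}


def server_values(raw_head: str) -> list[str]:
    """Return every Server field value found in a raw response head."""
    values = []
    for line in raw_head.split("\r\n")[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header section; ignore the body
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":  # field names are case-insensitive
            values.append(value.strip())
    return values


def classify(raw_head: str) -> tuple[str, list[tuple[str, str]]]:
    """Classify disclosure as 'absent', 'product-only' or 'versioned'."""
    products = []
    for value in server_values(raw_head):
        without_comments = COMMENT.sub(" ", value)  # drop "(Unix)"-style comments
        for m in PRODUCT.finditer(without_comments):
            products.append((m.group(1), m.group(2) or ""))
    if not products:
        return "absent", []
    level = "versioned" if any(version for _, version in products) else "product-only"
    return level, products


if __name__ == "__main__":
    for label, head in SAMPLES.items():
        level, products = classify(head)
        print(f"{label}: {level} {products}")
```

A "versioned" result is the case the paragraph above warns about, since it tells any client exactly which release is running.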