user-agent header requirement is not a security feature

Issue #65 resolved
Nat Sakimura created an issue

“shall send User-Agent header that identifies the client, e.g., User-Agent: Intuit/1.2.3 Mint/4.3.1; and” The note says that this is not a security feature. It is dangerous to depend on it. It is just FYI. The "shall" should be changed to "should".

Comments (7)

  1. Nat Sakimura reporter
    • changed status to open

    WG discussed this in the call and agreed to drop it from this part and move it to Part 4 where we can further discuss whether we should even keep it there.

  2. Log in to comment