browser - Is server-side useragent detection bad? -

browser - Is server-side useragent detection bad? -

clientside useragent detection is known bad, bad react differently based on incoming useragent in http request

an illustration sniffing types of browsers out of img requests , sending smaller or larger images based on whether incoming useragent mobile or desktop.

i think depends motivation is. example, in mobile web sector attempting provide user looks sensible on platform. why concerned user-agent user reporting, when purely own benefit? if go effort of tricking different user-agent, person suffers. main problem of course of study false positives; it's not exclusively reliable.

i follow argument should not rely on such, mobile developers under attack generic broad statements this. yes there alternatives, across every browser can imagine, info can useful @ point certainty begins degrade.

what don't ever plain-text header utilize facilitate access control.

user agent detection considered bad when there improve alternatives, there no harm in including in detection process degrades gracefully in certainty.

the issue have whole process caught in providing user sensible, never seem think it's acceptable inquire when uncertain. if uncertain user-agent, why not inquire 1 time , store? can utilize user-agent guideline.

so conclude thoughts, user-agent header unreliable, bad rely on it. doesn't mean can't extract grade of valuable info more reliable options leave in uncertain state. in general it's wrong conclude bad. it's info makes bad or not.

update

after seeing updates question, have next comments contribute. want sniffing image requests , providing client image based on user agent?

if variable maybe work, it's case thing varying images. don't want observe per request because i want serve client coherent solution. means served them page causes them request right resources. page yields single coherent solution of integrated resources. variations in document work particular view.

i respect chance of user-agent string changing mid-view slim doesn't seem worth worrying about. adopting principle reduces number of times need perform browser/platform detection, can beneficial. allows switch views on client much more easily. if client says got view wrong, tablet not phone, how go correcting that? serve user improve page, otherwise need spoofing headers image requests... terrible idea. don't utilize user-agent string serve generic resources images.

potential improvements

platform identification active area of modern developments in web. computing becomes more ubiquitous , platforms vary much more widely, our need understand platforms serving increases. think general solution problem under current conditions going fall on fingerprinting , statistical analysis.

consider application - akinator.com - notice how statistical analysis huge set of sparse info annoyingly accurate. in limited environment (the set of browser configurations), can imagine inquire client's browser questions. perform statistical analysis on response in n-dimensional feature space. using user-agent dimension of space going useful , self limiting, depending on results find. if it's largely inaccurate see big spread, , amount of worth derive self limiting.

of course of study ability derive value statistical model requires able obtain verified truths. be, example, running javascript test-suite observe client side js capabilities, or indeed, in uncertainty, can inquire user tell platform is.

for farther reading i'd refer article mozilla

https://developer.mozilla.org/en/browser_detection_using_the_user_agent

today, looking these strings way know device runs on mobile device (resp. tablet) before serving html.

browser user-agent browser-detection