I was wondering if $_SERVER['HTTP_USER_AGENT']
can output user agents with a +
instead of a space. I'm seeing a lot of votes being made in the voting system of my website, using a plus in the user agent, such as:
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:33.0)+Gecko/20100101+Firefox/33.0
Mozilla/5.0+(Windows+NT+5.1;+U;+en)+Presto/2.10+Version/11.60
I suspect that this is some sort of cheating software that spoofs the user agents, but does it wrongly. Is this true, or can user agents really look like this?
You already see that user-agent headers can look like this since they are looking like this. ;) However, a real Mozilla browser would not replace spaces by
+
. You can be sure that this was not a Mozilla browser.But what says the HTTP standard?
Let's have a look at section 3.8
First, the standard defines it as
SHOULD
being sent by the client, meaning it is not necessary at all. On the other hand section 3.8 suggests to use spaces to delimit individual features. But nothing is really standardized. A version number could probably look likeCoolBrowser2+
. Also comments are allowed.