我想知道 $_SERVER['HTTP_USER_AGENT'] 是否可以用 a + 而不是空格输出用户代理。我在我的网站的投票系统中看到很多投票,在用户代理中使用加号,例如:
Mozilla/5.0+(Windows+NT+6.2;+WOW64;+rv:33.0)+Gecko/20100101+Firefox/33.0
Mozilla/5.0+(Windows+NT+5.1;+U;+en)+Presto/2.10+Version/11.60
我怀疑这是某种欺骗用户代理的作弊软件,但做错了。这是真的吗,或者用户代理真的可以看起来像这样吗?
最佳答案
您已经看到用户代理 header 可以看起来像这样,因为它们看起来像这样。 ;) 但是,真正的 Mozilla 浏览器不会用+ 替换空格。您可以确定这不是 Mozilla 浏览器。
但是 HTTP standard 是怎么说的? ?
The User-Agent request-header field contains information about the user agent originating the request. This is for statistical purposes, the tracing of protocol violations, and automated recognition of user agents for the sake of tailoring responses to avoid particular user agent limitations. User agents SHOULD include this field with requests. The field can contain multiple product tokens (section 3.8) and comments identifying the agent and any subproducts which form a significant part of the user agent. By convention, the product tokens are listed in order of their significance for identifying the application.
让我们看看第 3.8 节
Product tokens are used to allow communicating applications to identify themselves by software name and version. Most fields using product tokens also allow sub-products which form a significant part of the application to be listed, separated by white space. By convention, the products are listed in order of their significance for identifying the application.
首先,标准将其定义为应该 由客户端发送,这意味着根本没有必要。另一方面,第 3.8 节建议使用空格来分隔各个特征。但没有什么是真正标准化的。版本号可能类似于 CoolBrowser2+。也允许评论。
关于php - $_SERVER ['HTTP_USER_AGENT' ] 可以包含 '+' 符号吗?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/30777413/