Are requests with no UserAgent header a risk?

A service I use has decided to block HTTP requests that do not provide a UserAgent, citing security reasons.

As far as I can tell, the UserAgent is a string without a standard format used primarily for statistics, serving different page versions (eg mobile), and blocking bots. The RFC says it SHOULD (but not MUST) be sent.

Why Shellshock works in useragent string? suggests that a malicious UserAgent could be constructed, but the service is blocking requests without a UserAgent.

Is there a vulnerability around absent UserAgent headers I'm not aware of?


Category: http Time: 2016-07-29 Views: 0
Tags: http header

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C), All Rights Reserved.

processed in 0.148 (s). 12 q(s)