Darin Fisher wrote: > > > RFC2616 section 15.1.4 discusses languages. It's talking in the context of accept >headers but it's really the same thing for user-agent. > > > So, following the guidelines of section 15.1.4, you are suggesting that > the UA-string not include a language identifier unless the user > explicitly permits it? Basically, yes. It's difficult to know when to stop, though. Personally, I think revealing my OS just tells attackers what not to try so I don't want to reveal that. Of course, many people disagree. If you start adding options to control peices of the UA string, where do you stop? I would jsut put the whole thing in the UI and let people shoot themselves in the foot, but I'm weird. -- We work to innovate our proactive communities and integrate portals.
