On Tue, Jan 27, 2015 at 1:16 AM, Chris Peterson <cpeter...@mozilla.com> wrote: > Firefox, Chrome, and IE only support HTTP/2 over TLS, even though the spec > does not require it. What if browser vendors similarly agreed to never send > the User-Agent header over HTTP/2? > > If legacy content relies on User-Agent checks, it could: > > * Stick with HTTP/1.1. > * Use HTTP/2 connection upgrade from HTTP/1.1, grabbing the User-Agent > header on the initial HTTP/1.1 connection. > * Check navigator.userAgent on the client. > > If we can't kill the User-Agent header at this juncture, then when? :)
There's still too many actually useful things that websites use the UA-string for, and for which we don't have a replacement. We keep telling websites to not use the UA string, however we've so far been very bad at asking them why they use the UA string and then create better alternatives for them. Essentially many websites need to do server-side feature detection in order to determine what version of the website to serve. However we expose *very* few client capabilities in the original HTTP request to a website. Essentially only "supports HTML", which clearly isn't terribly useful. We do also send some information related to the actual network connection (like http/2 support and content-encoding support), but that's not helping the server detect what the browser can do once content has been received. The result is that servers detect client capabilities by trying to identify the UA and then look up capabilities in a server-side database. So no, I don't think that we can get rid of the UA-string. At least until we provide other information to the server about client side capabilities. / Jonas _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
