The IE7 User-Agent String


In April 2005, we blogged about the new Internet Explorer 7 User Agent string sent to websites by the browser to identify itself.  Since our original blog posting, we have also posted two new articles on the topic to MSDN: Understanding User-Agent Strings, and Best Practices for detecting the Internet Explorer version.

A quick recap:

  • On Windows XP SP2, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
  • On Windows 2003 Server, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)
  • On Windows Vista, IE7 will send the following User-Agent header: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)

Over the last eighteen months, most sites that had previously blocked the new version of Internet Explorer have been updated, and we’re happy to report that the vast majority of Internet sites are now accessible using IE7.

There are a few remaining sites which fail to recognize IE7 because they are performing exact string matches to look for specific IE version strings. Those checks will need to be removed or updated to accommodate IE7. The Best Practice document linked above provides suggestions.

To enable you to workaround any remaining sites that block access to Internet Explorer 7, we developed the User Agent String Utility.  The utility comes in the form of a small executable that opens an IE7 instance that sends the IE6 user agent string.  It also provides a mechanism for you to report problem web sites to Microsoft so that we can follow up with the affected site owners.  Please download the tool and give it a try.

We look forward to your feedback!

Eric Lawrence

Comments (64)

  1. Erik says:

    Ok, I understand the historical reasons for including the string "Mozilla" in IE’s user agent, but c’mon, its 2006. I think its time to move on. Of course it won’t happen until developers stop depending on it…..but I’m saying it anyway.

  2. mike says:

    Hi

    There is a rumour now circulating on webmaster and domaining forums saying that IE7 will be out sometime in the next 2 weeks.

    Can you confirm if this is true? If it isn’t just say so and quash the rumour-mongering now.

    Regards,

  3. rc says:

    Where transcript of recent chat with IE team can be found?

  4. __hAl__ says:

    Why not state already now that you will loose the Mozilla 4.0 compatible part fron the string for IE8.

    If you announce it now webdevelopers around the world will be able to adjust their sites for a year or more and it would also be possible to set up a good way of informing sites that that they are doing an incorrect check well in advance.

  5. Raphy says:

    I’m using Windows Vista RC1 and cannont download this tool. Is there a way to get this little programm?

  6. Luc says:

    why not give the possibility to change the user string from the IE7 instead use the registry or external utilities?

    For example a drop down menu to choose new IE7 user agent string and old IE6 user agent string

  7. Sven Groot says:

    @Luc: that doesn’t seem a good idea to me.

    As a webdeveloper, I absolutely hate it when user agents lie about who they are. The only times I use UA detection is when I know 100% certain that a certain UA doesn’t support something I’m doing. Unknown UA’s always get the full featured site, written to w3c standards to the best of my ability.

    So if I used some feature that doesn’t work properly in Opera, and Opera tells me it’s IE, it gets the wrong version of the page and thus it breaks.

    UA changing should be done only as a last resort for those poorly coded sites that lock unknown strings out. It should not be easily accessible.

    Plus, since 90% of IE users probably don’t know what a user agent string is and shouldn’t need to, such an option would only create confusion.

    Just my 4c (inflation).

  8. Mark Kenny says:

    People are blocking visitors based on user string? People are still doing that??? I thought we left the stone age behind.

  9. Nicholas Stehle says:

    Indeed.  Isn’t it a bit silly for a website owner (whose mission it is to drive traffic) to block users based on strings?  Seems counter-productive to me.

    I once switched banks because they wouldn’t recognize my wife’s web browser (Safari).  I’d do the same thing if they wouldn’t recognize IE 7 or any other major browser.

  10. mocax says:

    many people simply copied ancient "browser check" functions from some javascript resource websites, with no clue in what the functions actually do.

  11. Mitch 74 says:

    Frankly, I’m not shocked by the Mozilla/4.0 part of the string – it’s actually useful to point out the fact that IE7 is still an HTML4 (fourth generation) browser that can’t handle XHTML, while the competition can (fifth generation – Mozilla/5.0 used by Mozilla browsers since 2002).

    No, the only ‘XHTML’ IE 7 can handle is one following the XHTML 1.0 Appendix C using text/html IME type and the recommendations for ‘compatibility with outdated browsers’ – meaning IE is already outdated while it’s still ot out yet.

    What I find shocking is IE still returning ‘*/*’ for supported mimetypes – when it can only understand text/html, text/plain, application/xml (after a fashion), and it will just prompt to download the rest.

    Hey guys, wake up! Even .Net is already using XHTML!

  12. There is no "Mozilla" browser.  There is a "Mozilla Suite" though it will not reach version 4.0 as it now known as "Mozilla SeaMonkey". Please remove this useless "Mozilla/4.0 (compatible; " junk from the user-agent string.

    While as Mitch’s explanation in regards to XHTML and mimes are correct no one in their right mind serves mimes based on the ‘Mozilla compatible version’. It’s junk and even worse takes up huge amounts of space in access logs. This needs to be removed!

    Internet Explorer’s user-agent strings should appear as so…

    MSIE 7.0; Windows NT 5.1;

    MSIE 7.0; Windows NT 5.2;

    MSIE 7.0; Windows NT 6.0;

    The following would also be acceptable…

    MSIE 7.0; Trident/5700.6; Windows NT 5.1;

    MSIE 7.0; Trident/5700.6; Windows NT 5.2;

    MSIE 7.0; Trident/5700.6; Windows NT 6.0;

    (Assuming 5700.6 is the last public build)

    Also the fact that Mozilla appears first in the UA string suggests that it is a Mozilla product by the name of IE.  Just like the address bar in IE7 (by default) being above the file menu suggests the site’s webmaster has right of control above the visitor using IE.

    I have written a recommended User-Agent standard for browsers and spiders.  Suggestions are welcome.

    http://www.jabcreations.com/web/user-agent-standard.php

  13. Chris says:

    What is the point of leaving comments like this?  Grow up!

  14. Matt Kruse says:

    After over 5 years of IE6, and Firefox beating IE in almost every single area, I expected IE7 to be a huge step forward in an attempt to actually compete with Firefox. Sadly, it doesn’t look like it’s even close. I’ll continue to recommend that people move away from IE in favor of FF.

    Maybe in another 6 years aftrer IE8 is released (2012) they will finally catch up…

  15. Mike Dimmick says:

    The amount of JavaScript out there that keys off the relative location of ‘MSIE’ in the current string makes it very difficult to change it. Changing the version number is not a problem since most scripts are already looking in this location for a version number, although they won’t necessarily assume that 7.0 is better than 6.0, of course…

    The reason for "Mozilla/4.0 (compatible)" goes right back to Netscape 4.0, which identified itself as "Mozilla/4.0"; when that was the dominant browser, it helped IE – for exactly this reason – to dupe existing browser detection code into thinking that IE was Netscape.

    A great number of websites are not actively maintained; even if they are, needless changes cause extra pain for the developer. Anyone who did implement standards mode (supplying a proper DOCTYPE) for IE6 but with hacks that are now broken may have to revisit pages they haven’t otherwise touched for up to five years.

  16. Aedrin says:

    Open documents in IE7? I thought it was a web browser…

    Note to self: People will never be happy with what they get.

  17. Fduch says:

    Documents = pages I work with

    Will you be happy if your browser often crash and doesn’t recover your work after this?

    If you can, make a browser that doesn’t crash

    If you cann’t do so, make the crashes less painful.

    MS Office 2007 Applications are much more complex than IE7 BUT ULIKE IE7 they worked good since the first beta and will work even better after release. Word crashed 4 times through half a year. And it just restarted itself with RESTORED document. No pain.

  18. StopCounterfeiting says:

    Mozilla is a trademark. Why are you violating a trademark and pushing a product labled as a Mozilla product, taking advantage of the good name of Mozilla? It is wong to misrepresent yourself to be Mozilla when you are clearly not! That’s called counterfeiting!

  19. Mozilla says:

    Although many uses of Mozilla’s trademarks are governed by more specific rules, which appear below, the following basic guidelines apply to almost any use of Mozilla’s trademarks in printed materials, including marketing, fundraising and other publicity-related materials, and websites:

    • Proper Form – Mozilla’s trademarks should be used in their exact form — neither abbreviated nor combined with any other word or words (e.g., "Thunderbird" rather than "T-Bird" or "Thunderbinary");

    • Accompanying Symbol – The first or most prominent mention of a Mozilla trademark should be accompanied by a symbol indicating whether the mark is a registered trademark ("®") or an unregistered trademark ("™"). The Mozilla trademarks include, among others, the names Mozilla®, mozilla.org®, Firefox®, Thunderbird™, Bugzilla™, Camino®, Sunbird™ and Seamonkey™, as well as the Mozilla logo, Firefox logo, Thunderbird logo and the red lizard logo. As Mozilla registers others, it will update this policy;

    • Notice – The following notice should appear somewhere nearby (at least on the same page) the first use of a Mozilla trademark: "[TRADEMARK] is a ["registered", if applicable] trademark of the Mozilla Foundation";

    • Distinguishable – In at least the first reference, the Trademark should be set apart from surrounding text, either by capitalizing it or by italicizing, bolding or underlining it.

  20. rc says:

    @ StopCounterfeiting

    If it worries you so much, you can bring an action against Microsoft and gain a suit at law. But your laments here are useless though quite rightful.

  21. Dave H says:

    If Windows Internet Explorer 8 were to drop "Mozilla" from the User-Agent string, I’d suggest a switch to simply:

    WIE/8.0 (Windows NT 6.0)

    Alternatively, if too many sites appear to be sniffing for the string "MSIE" to make this viable:

    WIE/8.0 (MSIE 8.0; Windows NT 6.0)

  22. Omar A. Perez says:

    In Windows Vista RC1, Firefox Works better than the default browser, what a shame for the team that develops the default browser.

  23. WhiteAcid says:

    A while back I made a blog post about UA strings and how I think they should look. I know this won’t happen for a long time if ever but here’s my post:

    http://blogs.securiteam.com/index.php/archives/217

    That would just make life so easy.

  24. John says:

    There is a right way to do it, and trademark or no trademark, you have to admit, the way it is now is wrong.

    IE7 is the right time to get the momentum out to implement the user agent string correctly.

    If IE7 does it, maybe everyeone else will follow. Just think of the bandwith savings in sending ‘MSIE’ rather than ‘Mozilla’, that’s a savings of 3 characters right there. Multiply that by billions and billions served.

  25. luc says:

    @Omar A. Perez

    Firefox can’t work better than IE7 in Windows Vista, because Firefox doesn’t have the protected mode. So Firefox is less safer than IE7 under Windows Vista

  26. Fred says:

    It’s funny that the same ridiculous comments get posted each time they blog about this… There’s a reason they keep blogging on this thing– because sites are still so stupid that the user agent string breaks when you change the number 6 to 7 (and they’ve had this in for over a year now!).  What do you think would happen if they took out the "Mozilla"?

    You can try it… use a debugger to change the User-agent string to your proposed string and see how many million sites break.

    If you look at the tradeoffs, they made the right choice.

    =Fred

    PS: The idea that trademark law is relevant here is just stupid.  If that worked, all Microsoft would have to do is put the name of say "Windows" in a protocol identification string (say SMB) and bingo– no one (e.g. SAMBA) would be allowed to use your protocol ‘cuz they’re not allowed to send the required string.  

    The only thing worse than a lawyer is a non-lawyer who tries to sound like one.

  27. __hAl__ says:

    Thare are now two extremly critical vunerabilities on the loose for IE6 that are both being activly exploited.

    It seems the VML issue might even be exploitable by just sending an email to an outlook 2003 user (according to Eric sites from Sunbelt software).

    I surely hope that MS is not going to wait untill next month to release  fixes !!!

  28. @Mark Kenny

    >People are blocking visitors based on user string? People are still doing that??? I thought we left the stone age behind.

    Unfortunately, this is happening again in the mobile Internet. In Austria, for example, a big mobile phone operator is abusing the user-agent string to distinguish whether the phone was sold by him (branded ua-string) or not. In the second case — when you bought an unlocked or unbranded phone by your own — the access to the Web site is blocked.

    I have started a campaign in Austria to raise awareness of this emerging issue in the mobile Internet: http://freechoiceofmobile.org/

    It is sad, that there are still companies that do this kind of Web browser discrimination intentionally. If you understand German, I recommend reading the arguments that are trying to defend this practice. It will make you laugh 😉

  29. goose says:

    Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)  <<<< This is the most bug-free string!!! IE7 on Vista!!! IE is purfect!

    I will be upgrading right away! Microsoft programmers get paid and work harder and faster than open sores Firefox grammers coz they eat more!!

    Vista will be the best OS that ever livd! Good job Microsoft! Always bug-free!

  30. norman says:

    @hAL

    1) the VML exploits don’t work on Windows XP SP2

    2) any antivirus software protect you.

    3) only warez and porn bad web sites are dangerous

    4) IE7 is not vulnerable

  31. Ben says:

    @Fduch

    IE uses COM to display your Word documents in the IE window. Whilst it may be IE causing it to crash (COM isn’t the most reliable of mechanisms), it may well be Word that is crashing your documents, not IE.

    Plus this is an *RC* – not a formal release. Like a beta, with an RC you take on the risks of potentially unstable software. So don’t go throwing a paddy – it’s your own fault!

  32. spf1 says:

    It would really help me if someone could explain in layman’s terms why the user agent has anything other than MSIE in it. Was IE based on Mozilla or something? Thanks.

    Bring Back the Image Toolbar!

  33. EricLaw [MSFT] says:

    @spf1: Back in the early days of the web (circa 1995), many websites wouldn’t return certain content (e.g. frames, images, etc) unless your browser sent a certain identification string.  Hence, all browsers that had feature parity with the Netscape browser of the time used a similar string.

    Now, many years later, there’s a large body of server-side code which expects to see these strings, and hence IE continues to send them.

  34. hAl says:

    @Norman

    The VML vunerablity works on fully patched Windows XP.

    http://sunbeltblog.blogspot.com/2006/09/seen-in-wild-zero-day-exploit-being.html

    And here the guy who found the vunerability claims it also workt in some versions of outlook without user action:

    http://sunbeltblog.blogspot.com/2006/09/eric-talks-about-vml-exploit-on-steve.html

    If it would work in outlook that it would be extremly dangerous.

  35. A says:

    "MSIE 7.0, Windows NT 6.0"

    That’s the perfect string. I thought you didn’t care of breaking the compatibility of MSIE6.0-webpages.

  36. Jim Vierra says:

    The User Agent String Utility is useful but would be better if it was designed as a button on IE7 that would refresh the page to the displayed website with an IE6 string.  

    This is useful when a site displays poorly and you just want to be able to get it to behave for the time being.

    Many sites use edit controls that grab the string and decide how to display the edit control.  Leaving IE7 and restarting is sometimes a pain.  This would help in this case.

    It’s good now but if any chages are made to the utility this might be a good update for it.

    Thanks for the agent.

  37. Aedrin says:

    "I thought you didn’t care of breaking the compatibility of MSIE6.0-webpages."

    I believe just as Microsoft always has, they are striving to maintain a high backwards compatibility rate.

  38. Tom says:

    A little history lesson for spf1 and others: "Mozilla" was the code name (and mascot) for Netscape.  Therefore, Mozilla 4.0 would be Netscape Navigator 4.0.  Back in the day, IE had to pretend to be Netscape to get the good versions of websites, due to user agent sniffing.

    When Netscape released the source code for their browser, they named the project after their mascot and code name, creating the Mozilla we know today.

  39. dnstest says:

    Keeping the Mozilla/4.0 doesn’t make complete sense because those sites doing the browser check are going to have to update their code anyways (no matter the extent of the UA string change).  In other words, a clean break from this does seem plausable.

    However, as someone already pointed out, it is still a Mozilla 4.0-compliant browser.  The UA string has been misused and butchered, but technically speaking, keeping the Mozilla/4.0 does make some sense.

    I think many lack understanding of the meaning and history behind the UA string.  Do not confuse the Mozilla tag with the modern-day Mozilla.org.  The two are completely unrelated in that Mozilla.org is an open-source development community that derived itself from the old Netscape, which of course used Mozilla as the code name for it’s rendering engine (just like MS uses Trident as the code name for the IE rendering engine).  Mozilla/4.0 roots from the days where Netscape ruled, and that tag simply implie(d/s) the HTML compatibility level that a given browser has.

    I’m sure I am on target, but if you are more knowledgable about this, please don’t tear me a new one.  Instead, please elaborate on this.

  40. norman says:

    @hAl

    active scripting is disabled in Outlook so the exploit can’t work!!!

  41. nike says:

    Why don’t you speak with Mozilla team and change the UA together (in FF 2.0 & iE 7)? You could use a standard UA system. For example:

    For iE: "MSIE/7.0; Trident/TRIDENTVERSION; WindowsNT/6.0"

    And FF: "Firefox/2.0; Gecko/GECKOVERSION; WindowsNT/6.0"

    It would be really useful for webmasters to have a standarized form, so we could know all the data easily…

  42. hAl says:

    @norman

    I take it that you now found that the vml issue does work on XP ?

    The issue of outlook raised in de podcast already mentiones that not all outlook versions are vunerable so thhat might be related to a specific outlook implementation.

  43. spf1 says:

    @ WhiteAcid & EricLaw [MSFT]

    Thanks for that. I was expecting a rude "use google" answer.

    Can’t wait, looking good so far.

    ——————————

    Bring back the Image Toolbar!!

  44. Dmitri says:

    PingBack from http://www.savahost.com/art_optimization/stats.htm

    Пользование серверной статистикой и User-Agent String. (in russian)Server statistic & User agent string.

  45. pascal says:

    @Nike

    The Mozilla way for UA is already standardised and your simplified UA would result in losing lots of information currently conveyed by the Firefox UA string, information used by websites and extensions.

    You have more information about Firefox UA strings here:

    http://www.mozilla.org/build/revised-user-agent-strings.html

  46. enore savoia says:

    PingBack from :http://exploit.blogosfere.it/2006/09/web_browser_internet_explorer_7_user_agent_string_1.html

    Web Browser : Internet Explorer 7 – User Agent String Utility version 2

    A utility that opens an Internet Explorer 7.0 window that is configured to report its identity to websites as being Internet Explorer 6.0 .

  47. Thany says:

    I always wondered what "compatible" is supposed to mean? What exactly is MSIE compatible with??

  48. Exploit says:

    A utility that opens an Internet Explorer 7.0 window that is configured to report its identity to websites as being Internet Explorer 6.0 .di enore savoiaSystem Requirements :Supported Operating Systems: Windows Server 2003; Windows Server 2003 Service

  49. usafret05 says:

    Since I have downloaded IE7 RC1, I have not been able to enable JavaScript.  Under options I have it enabled, but still can’t go to sites that have JavaScript.  I also can’t go to the microsoft update page,  I need help and can’t seem to get any one that can help me.  Please guide me to the correct area, Please.

  50. RQ says:

    @EricLaw [MSFT]

    "Now, many years later, there’s a large body of server-side code which expects to see these strings, and hence IE continues to send them."

    Will that change in the next year? Or 2010? No, it won’t. As long as we’ll keep avoiding solving this problem, it will remain there. Does that mean we’re doomed to having "Mozilla/4.0 (compatible)" for the rest of our lives? Is the value gained by this (a few months of avoided headache, and then most of still relevant sites would be updated) really bigger than the tradeoff?

  51. EricLaw [MSFT] says:

    @RQ: Given that there’s no significant benefit to changing the user-agent string, no, we don’t think that users would be willing to suffer the compatability impact.

    The hope, of course, is that browser-sniffing is something that fewer and fewer sites need to do.

  52. Just read a article from MS guy and got a idea why I cannot use IE7 to visit some web sites while IE

  53. With today’s release of Internet Explorer 7, I would be remiss if I didn’t inform anyone who hasn’t yet…