User agents are nearly unenforceable in HTTP requests executed through XSLT. I don't think this affects me with respect to Library of Congress web services, but I can see it being a problem for someone else. Wouldn't the best course of action be to block known bad bots rather than block everyone that doesn't implement a user agent? On Fri, Jul 29, 2016 at 3:29 PM, Gorman, Jon <[log in to unmask]> wrote: > > For Security Reasons, the Library of Congress has begun filtering > (blocking) > > HTTP requests that do not express a userAgent in the header. > > Curiosity compels me to ask, is there a whitelist of user agents allowed? > Or is it just the presence of any user agent, even something like > "RadHackerzTotalAnnoyanceDDOSmytotalllyrandomstringperrequest", allowed? > > > Jon Gorman > Library IT > University of Illinois > 217 244-4688 >