Ha. I don't have a good answer for that. I think It must vary from day to day, based on what our security provider software deems "insecure" at the moment, and they wouldn't tell us if we asked. Nate ----------------------------------------- Nate Trail Network Development & MARC Standards Office LS/ABA/NDMSO LA308, Mail Stop 4402 Library of Congress Washington DC 20540 -----Original Message----- From: Code for Libraries [mailto:[log in to unmask]] On Behalf Of Gorman, Jon Sent: Friday, July 29, 2016 3:30 PM To: [log in to unmask] Subject: Re: [Code4Lib] Schema Validations at Library of Congress > For Security Reasons, the Library of Congress has begun filtering > (blocking) HTTP requests that do not express a userAgent in the header. Curiosity compels me to ask, is there a whitelist of user agents allowed? Or is it just the presence of any user agent, even something like "RadHackerzTotalAnnoyanceDDOSmytotalllyrandomstringperrequest", allowed? Jon Gorman Library IT University of Illinois 217 244-4688