Browser detection

[johnnyk]

How reliable is PHP's browser detection? I'm assuming it's set by the user agent, so is it ever wrong?

[willfitch]

It's as reliable as the headers being sent to the web server. 

$_SERVER['HTTP_USER_AGENT']

[johnnyk]

So what does that mean? php.net says $_SERVER['HTTP_REFERER'] isn't reliable because it can be modified by the user-agent. Can $_SERVER['HTTP_USER_AGENT'] be modified by the user agent?

[Daniel0]

[url=http://php.net/get_browser]get_browser[/url] is an option too.

And yeah, HTTP_REFERER (and HTTP_USER_AGENT too) is [i]very[/i] easy to spoof, but there is no spoof-proof way of getting the user agent. It works in the way that the browser actually sends the information along with the request, and you can modify what it sends quite easily.

[willfitch]

Like I said, it's as reliable as the browser sending the headers.  When I wrote a C++ crawler, I sent a user agent header that corresponded with my crawler.  It is very easy to spoof, but under what circumstances are you testing this other than javascript?  Sometimes it can actually be better to detect within JavaScript, since JS would have been already downloaded.  Even better, detect with both!