Log analysis redux
Alert! Some browsers forge their true identity
analog, the nifty access log analysis tool detailed in my
March, 1996, column. He pointed out that several browsers forward false identification strings to the server, masquerading as Netscape.
I was initially skeptical, but a quick check of my logs confirmed Stephen's statement: there were thousands of entries from non-Netscape browsers posing as Netscape. The reason quickly became obvious: many servers deliver their content in two forms, based upon the browser type. They either deliver rich, Netscape-compatible pages or bland, simplistic pages. If you have a browser that supports all the Netscape extensions but is not recognized by the server as being Netscape, you'll get the bland stuff every time. Rather than disappoint their users, these browsers simply pose as Netscape to get the good stuff from the server.
Most amazing of all, the most popular browser spoofing its identity was none other than Microsoft's Internet Explorer! In fact, my agent log had thousands of entries that looked like this
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)This is actually Internet Explorer 2.0, running under Windows 95, posing as Netscape 1.22! Of even greater concern is that it is now rumored that Internet Explorer has dropped the "compatible" portion of the agent identifier and is sending an identifier exactly like that of Netscape. There is no way to track this, of course, so your data for Netscape may be tainted by this further bit of deception from Microsoft.
If ever there was direct evidence that Microsoft is conceding that Netscape is the standard browser, this is certainly it. Keep in mind that Internet Explorer actually supports some stuff that Netscape 2.0 does not, and has lots of stuff that 1.22 is missing. If you had a site that keyed off the agent identifier to deliver Internet Explorer content when required, this identifier would keep you from sending the Explorer-compatible stuff to Explorer itself!
Along with my discussion of agent logs, I pointed to some scripts that could be used to parse your agent log and derive some statistics. As originally posted, they did not account for this kind of spoofing. They've been updated, and you should get a new copy if you are still using the old scripts.
I used those scripts to create some charts showing browser usage at my site. The charts have changed slightly as a result of the id spoofing. To keep things up to date, here are those same charts, reworked to reflect the actual browser usage (with data for March, 1996 added as a bonus):
My main conclusion, that Netscape is dominant, with version 2.0 growing rapidly, is unchanged. My assumption that Internet Explorer was not growing in popularity was wrong. In fact, it has grown to capture perhaps 5 percent of the market. Here is the top portion of the chart, showing the lesser browsers in more detail:
I hope this clears up any confusion people may have when looking at my data or their own. Thanks again to Stephen Turner for pointing all this out to me.
If you have problems with this magazine, contact email@example.com
Last updated: 1 June 1996
If you have technical problems with this magazine, contact firstname.lastname@example.org