2

All in the title.

Is there any benefit for anyone in this header being set automatically every time? Does anyone know the idea behind this spec?

oldergod

1 Answer

6

The purpose of having this header automatically added by WebView is to identify requests coming from apps. Apps can use WebView to manipulate organic traffic flow in order to monetize their ads, commit click fraud, etc. The value of the user agent string can be changed by the app, while the value of this header can't.

Besides that, the header is used by people who need to know who displays their content by analyzing server logs. The user agent string can also be used for that, but alone it is often not enough for distinguishing between Chrome (and various browsers cloned from it) and Android WebView (and, as I mentioned above, apps can change the UA string).

Some people (mostly ad platforms) are also interested in knowing what app uses WebView for displaying their content -- X-Requested-With provides exactly that information.

One caveat with X-Requested-With is that jQuery uses it for XHR requests (X-Requested-With: XMLHttpRequest), and some servers don't check the value of this header and always return JSONed content when they encounter it. Thus, when you try retrieving content from such a server using Android WebView, you receive some JSON garbage instead of the expected HTML.

Mikhail Naganov
  • This explains the "Google has made it so" comment in [this SO comment](https://stackoverflow.com/questions/17832313/android-disable-x-requested-with-header-in-webview#comment130115763_29395509). Thank you. – Introspective Jul 11 '23 at 21:02
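
The caveat in the answer above, as an added server-side example that is not part of the original post: it checks the value of X-Requested-With instead of its mere presence, and tallies embedding apps the way a log analysis would. It assumes WebView sends the app's package name as the value; the function names and the package names in the sample are hypothetical.

```python
import re
from collections import Counter

# Android application IDs: two or more dot-separated segments, each starting
# with a letter and containing only letters, digits or underscores.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


def classify(headers):
    """Return (kind, app) for a request's X-Requested-With header."""
    # HTTP header names are case-insensitive, so normalise before lookup.
    value = {k.lower(): v for k, v in headers.items()}.get("x-requested-with")
    if value is None:
        return ("none", None)
    value = value.strip()
    if value.lower() == "xmlhttprequest":
        return ("xhr", None)          # jQuery-style AJAX call
    if PACKAGE_RE.match(value):
        return ("webview", value)     # value names the embedding app
    return ("unknown", None)


def wants_json_naive(headers):
    # The mistake from the caveat: any X-Requested-With is taken to mean XHR.
    return any(k.lower() == "x-requested-with" for k in headers)


def wants_json(headers):
    # Corrected check: only the XMLHttpRequest value selects the JSON response.
    return classify(headers)[0] == "xhr"


def apps_seen(requests):
    """Count requests per embedding app, as one would from server logs."""
    kinds = map(classify, requests)
    return Counter(app for kind, app in kinds if kind == "webview")


# Constructed sample requests (header dicts); all values are made up.
# Outside WebView any HTTP client can send this header, so the tally is a
# traffic-analysis hint, not proof of which app made the request.
SAMPLE = [
    {"User-Agent": "Mozilla/5.0 Chrome/120 Mobile"},
    {"X-Requested-With": "XMLHttpRequest"},
    {"X-Requested-With": "com.example.newsreader"},
    {"x-requested-with": "com.example.newsreader"},
    {"X-Requested-With": "org.example.shop"},
]
```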