From
Request header General

Overview

From tells the server the email address of the entity (usually a human operator) making the request. It is mainly used by automated bots and crawlers to disclose a point of contact.

The value is a single RFC 5322 email address (e.g. `crawler@example.com`). Browsers do not send this header automatically, for privacy reasons.

Details

Historically it was designed for a user agent to reveal the user's email, but privacy concerns mean ordinary browser requests never use it. Its practical use today is crawler etiquette: a bot sending many requests can put its operator's email in From so a site admin can reach the responsible party if something goes wrong.

It is not an access-control or authentication mechanism, merely a voluntary contact disclosure. Servers must not grant privileges based on From, and the value can be forged or omitted at will. It is typically bundled with robots.txt compliance and a bot name/URL in User-Agent as a 'good bot' signal.

By convention the value is the bare address without a display name, and since it can end up in logs, using a role-based address (`abuse@`, `bot@`) is safer than a personal email.

Syntax

From: <email-address>

e.g. From: crawler@example.com

Notes

Related headers

Specification