How does the "User-Agent" header work?

I see that a User-Agent header is added for HTTP request queries with the value Retool/2.0 (+ I want to check this header on my server to verify whether the request came from retool and only cater to the HTTP request if so. I don't think hardcoding the check to match Retool/2.0 (+ would be a good idea since the header value may change in the future. For this, I would like to understand how this header value is set and whether there is a pattern I can match it with so that the check remains valid.

PS. I am not focussed on the possible workaround where clients other than retool can also add this header with malicious intent.

Alternate question - Is there another way I can use to check whether the request came from retool? I do not want to use secrets, for now, just a minor check would do.

Hey @chandan_prabhakar! There isn't a pattern that you can match that header to as it's added as a hardcoded header on our end before the request is sent.

We do also set an x-retool-forwarded-for header with the IP address of the request. You may be able to use that for your check as well.