I then wrote another script to take this data and pass it through what is advertised as a closely conforming implementation of the relevant RFCs.
Looking at the results, the first set of issues related to the stripping of leading and trailing whitespace, so I updated the script to do that to focus on the remaining differences. Similarly, the URL parsing definition includes the leading ? and # in the query and fragment values respectively, so I eliminated those differences in the cases where the values were non-empty.
urltest is JS only. Does it make sense to test things like httpie, curl, modules and libraries from ruby, python, php and so on?
Sure! I’ll note that the ‘IETF’ rows actually represent data captured by a Ruby library. My personal preference is to focus on modern, actively maintained or spec compliant applications. A counter-example would be Java.
Opera/9.80 (Macintosh; Intel Mac OS X 10.9.5) Presto/2.12.388 Version/12.16
All things considered, it appears to be perhaps you require a legitimate firewall to take out the odds of something to that effect happening. Something else, don’t restrict the servers,add memory, include CPU. There is sufficient tech out there to do stunning things. This shouldn’t be an issue unless you can’t bear the cost of it. For all I know, it could take weeks to settle this.