Because you’ll be surprised how many developers aren’t familiar with these things and how many of them think that they are more clever than the herd and do not validate their assumptions.
It wouldn’t surprise me if some junior dev picked it up and then went to ask a senior dev how they can detect the browser version, and they got a half-assed reply, "hmm, check the user agent", and went on with that.
95% of the major bugs and security issues I see on a daily basis are due to this.
UA isn’t the cause of security issues; the same thought process, or lack thereof, that led to UA being used as a proxy for compatibility in this case is.
But in a more general view, reliance on unreliable and user-controlled data for decision making is a pretty common pitfall in the security world.