
From general request

Contains the email address of the human user controlling the requesting agent — intended for automated bots to identify themselves.

What it does

From carries an email address identifying the human responsible for the requesting user agent. It's not for browser traffic — it's intended for automated agents, crawlers, and bots to identify a point of contact so server operators can reach the bot's owner if there's an issue.

If your web scraper is hammering someone's server, their ops team wants to know who to email. From is the mechanism for that.

Syntax

From: <email-address>

Must be a valid RFC 5322 email address:

From: [email protected]
From: [email protected]
From: [email protected]

Who uses it

Web crawlers and search engine bots — though Googlebot, Bingbot, and similar large crawlers typically rely on User-Agent and published bot documentation rather than From.

Research crawlers — academic and research bots often set From to provide a contact email, as a courtesy to server operators.

API clients identifying themselves — some automated API consumers include From to identify the operating team.

It's almost never set by browsers. From would expose users' email addresses to every server they visit, which would be a significant privacy violation. Modern browsers don't send it. The spec itself notes that user agents should not send From without user consent.

Privacy note

Because From exposes an email address, it should never be set by applications running on behalf of end users without their explicit knowledge and consent. It's appropriate for server-side automated clients where the "user" is a technical team that owns and controls the bot.

Real-world examples

Research crawler identifying itself:

GET /sitemap.xml HTTP/1.1
Host: example.com
User-Agent: ResearchCrawler/1.0
From: [email protected]

Internal monitoring bot:

GET /health HTTP/1.1
Host: api.example.com
User-Agent: InternalMonitor/2.0
From: [email protected]

FAQ

Do servers do anything with From?

Mostly just log it. A responsible server operator might email the address if they notice unusual behaviour from that agent. Automated systems can use it for rate limiting — being more lenient with known, identified bots from reputable organisations.
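A server that logs From should validate it first, because the value is supplied by the client and is a contact hint rather than a verified identity. The sketch below is an added example, not code from the original page; the function names, the length cap, the deliberately stricter-than-RFC 5322 pattern and the sample addresses are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

MAX_FROM_LEN = 254  # assumption: practical upper bound for one address

# Conservative addr-spec pattern: a strict subset of RFC 5322 on purpose.
_ADDR_RE = re.compile(
    r"^[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]{1,64}@"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$"
)


def parse_from_header(raw):
    """Return a normalized contact address from a From value, or None."""
    if raw is None:
        return None
    value = raw.strip()
    if not value or len(value) > MAX_FROM_LEN:
        return None
    # Refuse control characters (CR, LF, NUL, DEL) so the value cannot
    # split a log line or smuggle extra fields into it.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        return None
    # The header carries a single mailbox; refuse address lists.
    if "," in value:
        return None
    _display_name, addr = parseaddr(value)
    if not _ADDR_RE.match(addr):
        return None
    local, _, domain = addr.rpartition("@")
    return f"{local}@{domain.lower()}"  # domains are case-insensitive


def log_field(raw):
    """Value safe to write to an access log: validated address or '-'."""
    return parse_from_header(raw) or "-"


if __name__ == "__main__":
    # Constructed sample header values, not taken from real traffic.
    samples = [
        "bots@Research.Example",
        "Crawler Team <bots@research.example>",
        "bots@research.example\r\nX-Injected: 1",
        "not-an-email",
        None,
    ]
    for s in samples:
        print(repr(s), "->", log_field(s))
```

Any rate-limit leniency keyed on this value should also require a signal the client cannot simply assert, since anyone can send any address in From.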

Is From required for polite crawlers?

Not required, but recommended. The robots.txt convention and courteous crawling practices suggest bots should identify themselves via User-Agent at minimum, and From adds an actionable contact. The Web Crawlers Best Practices community guidelines suggest including it for research bots.

Should I set From in my API client library?

Only if the library operates as a server-side automated agent making requests on behalf of a team, not on behalf of individual users. For user-facing apps (mobile apps, web SPAs), never set From.

Fun fact

From is one of the original HTTP headers from the very first HTTP specification in 1991, borrowed directly from email (RFC 822) where From: identifies the sender. The vision was a fully transparent web where every agent — browser or bot — would identify its human operator. Privacy concerns made this impractical for browsers almost immediately, leaving From as a relic that only found a legitimate home in the narrower use case of automated crawlers. It's one of the few HTTP headers that was basically obsolete for its originally intended use case within a few years of being specified.
