Web browser headers are useless to stop SEO spam

The whole area of header use is simply a waste of time.  You can fake the whole browser message being sent back and you can proxy fake the IP address of the website user.  All the header information is subject to fraudulent use.  While large profits can be made through exploitation of back links then such exploitation is simply going to get better resourced and automated.

It would be silly not to use some basic defence based upon the browser header but it would be foolish to rely solely upon this as your defence.  So what can you use in the header:

Host: seomk.co.uk
Connection: keep-alive
Referer: http://www.google.co.uk/search?hl=en&source=hp&biw=1280&bih=670&q=SEO+Milton+Keynes&aq=1&aqi=g8g-m2&aql=&oq=browser+header
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.107 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

The IP address may not be fake and you can resolve this to the user internet connection via DNS.  This gives you options to block the spam user when they use the same internet provider.  There are assumptions here because it relies upon a static allocation of the machine address to a user by the ISP of the user.

There is a long term cost to all of this.  Different browsers issue different headers and these headers change over time so what you detect and act upon now may not always be present or in the same format.

You can see how using the browser sent header information is simply going to become a mess and an outdated method.