This post describes a way passively, using Zeek(Bro) + the Elastic Stack within RockNSM, to detect the library used to make a web request using HTTP headers.
However, when it comes to HTTP the main focus has always been on using the layer 7 application details of the HTTP User-Agent header. Although this may be true, these can be spoofed and typically are replaced with any User-Agent of choice.
