HTTP response headers are usually pretty dry reading, but once in a blue moon you do stumble upon something that makes you smile. Here are some of our favorites.
We’ve bolded the interesting parts, and included the other headers for context. (With one exception, cookie headers. We stripped them away since they tend to take up a lot of room.)
Nerd rage
From Myspace.com:
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: d8de1522726f0073ffa08b0fd1ddb74a61a15ee8d5a534aa
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-PoweredBy: Nerd Rage
Date: Wed, 15 Aug 2012 13:52:47 GMT
Content-Length: 16799
The fun part here is that the site varies this header between responses. We don’t know how many variations there are, but we also got:
- X-PoweredBy: Unicorns
- X-PoweredBy: Keebler Elves
- X-PoweredBy: Charlie Sheen’s Tiger Blood
- X-PoweredBy: Rats in our Basement
We leave it as an exercise to the reader to find them all. Pokemon for web developers…? 😉
If Batman made web servers
From WordPress.com:
Server: nginx
Date: Wed, 15 Aug 2012 13:49:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 13:47:35 GMT
Cache-Control: max-age=161, must-revalidate
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Link: <http://wp.me/1>; rel=shortlink
X-nananana: Batcache
Content-Encoding: gzip
The Batcache is actually real software developed in-house by Automattic to help power its blog hosting service.
The X-hacker header is pretty much a smart wanted ad. It turns out that this recruitment trick isn’t unusual. Automattic is casting a pretty wide net, since all sites on the WordPress.com platform include it. You’ve probably come upon it in the past.
Speaking of that, GigaOm.com (which uses WordPress.com) has a pretty fun addition to the standard WordPress.com response headers, a kind of recruitment override…
Recruitment override
From Gigaom.com:
Server: nginx
Date: Wed, 15 Aug 2012 14:04:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 14:03:40 GMT
Cache-Control: max-age=241, must-revalidate
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
P3P: CP="GigaOM has a Privacy Policy available at http://gigaom.com/privacy-policy/"
X-PickUsInstead: Cool company, cooler headers, join the team! Send an email to jobs@gigaom.com and mention this header.
X-Pingback: http://gigaom.com/xmlrpc.php
X-nananana: Batcache
Content-Encoding: gzip
More on using response headers as a recruitment tool a bit further down.
Bananas and rum
From Surveymonkey.com:
Server: nginx
Date: Wed, 15 Aug 2012 14:07:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sun, 05 Feb 2012 21:08:19 GMT
RTSS: 1
X-Powered-By: Bananas and Rum
Content-Language: sv
Content-Encoding: gzip
Another response has X-Powered-By: Hodor.
Drop that table
From Reddit.com:
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Set-Cookie:
Content-Encoding: gzip
Server: '; DROP TABLE servertypes; --
Content-Length: 18033
Date: Wed, 15 Aug 2012 13:30:32 GMT
Connection: keep-alive
No comment on that one… 🙂
Version: 1337
From SME.sk:
Content-Type: text/html
Expires: Wed, 15 Aug 2012 14:15:52 GMT
Cache-Control: public
Content-Encoding: gzip
Content-Length: 20583
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:15:22 GMT
Age: 14
Connection: keep-alive
Server: ninja web server 1.3.3.7
Best version number ever?
Don’t hurt our server!
From Howtogeek.com:
Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 15 Aug 2012 14:16:34 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Etag: "f626-502baee7-18fca4"
Last-Modified: Wed, 15 Aug 2012 14:15:03 GMT
Content-Type: text/html
Content-Length: 12660
X-Geek: What’s black and white and red all over? Please don’t kill our penguin-powered server.
X-Awesome: If you found this header please email us about a writing job.
More recruitment (which we’ll have more of later) but we especially like the little plea to be nice to their server.
Alternative power sources
From Bayfiles.com:
X-Powered-By: hamster.in.boogie.wheel
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2144
Date: Wed, 15 Aug 2012 14:18:18 GMT
Server: lighttpd/2.0.0
Green tech?
Wolverine
From Marvel.com:
Server: Apache
P3P: CP="ALL DSP COR NID CURa TAIa OTPi OUR BUS UNI INT PRE"
Expires: -1
Vary: Accept-Encoding,Cookie
Content-Encoding: gzip
X-ServerNickName: Wolverine
Content-Type: text/html; charset=utf-8
Content-Length: 15078
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:20:43 GMT
Age: 25
Connection: keep-alive
Nice detail by Marvel. Another one the site responds with is X-ServerNickName: Leech, but who doesn’t love Wolverine?
Obscure references
From Collegehumor.com:
Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Accept-Encoding
Content-Encoding: gzip
X-Toynbee-Idea: In Kubrick’s 2001 Resurrect Dead On Planet Jupiter
X-CH-Backend: fe-ch-15.cv.live (70)
Content-Type: text/html
X-Varnish-IP: 192.168.2.60
X-Cacheable: YES
Cache-Control: max-age=0
Content-Length: 17482
Date: Wed, 15 Aug 2012 14:23:28 GMT
X-Varnish: 174924076 174922405
Age: 58
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT (6)
To appreciate this one, you need to read up a bit on Toynbee tiles…
Tablet hosting
From Mysitecost.ru:
Date: Wed, 15 Aug 2012 14:38:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: iPad.3
Content-Encoding: gzip
Probably untrue, but who knows? God knows there are some unusual hosting projects out there.
Cooking with gasoline
From Pcworld.com:
Date: Wed, 15 Aug 2012 15:00:52 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 412
Last-Modified: Wed, 15 Aug 2012 14:58:20 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27690
Charmingly named tech.
Here’s one we caught back in May, but it’s gone now:
What? And no thanks to whom?
From Inquirer.net:
Server: nginx/1.0.4
Vary: Accept-Encoding
Accept-Ranges: bytes
Guyito: does not live here. no thanks to erwin lomibao.
Via: HTTP/1.1 GWA
Date: Fri, 18 May 2012 22:41:52 GMT
Expires: Fri, 18 May 2012 22:41:52 GMT
Cache-Control: max-age=0, no-cache
X-Page-Speed: 35_4_rr
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Connection: close
We have no idea what that was about. Seems to have been related to some strange competition…
We want to live. Just sayin’
From Telegraaf.nl:
Server: nginx
Date: Wed, 15 Aug 2012 15:03:04 GMT
Content-Type: text/html
Etag: W/"290358-1345042682000"
Last-Modified: Wed, 15 Aug 2012 14:58:02 GMT
Cache-Control: max-age=120
Expires: Wed, 15 Aug 2012 15:03:42 GMT
P3P: policyref="http://www.telegraaf.nl/w3c/p3p.xml", CP="NON DSP COR CURa ADMa DEVa CUSa TAIa PSAa PSDa OUR DELa IND UNI COM NAV INT DEM PRE"
X-Cacheable: Yes:120.004:/
X-Varnish: 1120547193 1120429288
Age: 82
Via: 1.1 varnish
X-Served-By: killer
X-Cache: HIT
Vary: Accept-Encoding
Content-Encoding: gzip
Should we be worried…?
Oh, hai
From Wellsfargo.com:
Server: KONICHIWA/1.0
Date: Wed, 15 Aug 2012 14:52:44 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Fun server obfuscation. If you absolutely need to know, you can Google it to find out what it actually is.
HTTP response headers as a recruitment tool
As we said earlier, there are quite a few websites that use these response headers for recruitment purposes. It makes sense if you’re looking for people who are into web tech, doesn’t it?
Automattic is the most famous example, but there are many others. Here is a selection.
Booking.com
Date: Wed, 15 Aug 2012 14:45:05 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Content-Length: 31952
Vary: Accept-Encoding
Cache-Control: private
Content-Encoding: gzip
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Seomoz.org
Date: Wed, 15 Aug 2012 14:53:51 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.14
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Recruiting: If you’re reading this, maybe you should be working at SEOmoz instead. Check out www.seomoz.org/about/jobs
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6970
Connection: close
Content-Type: text/html
Exactly the same as the next one. Hmmm?
Zappos.com
Server: nginx/1.1.17
Content-Type: text/html; charset=utf-8
X-Powered-By: Ponies!
X-Varnish-TTL: 60m
X-Varnish: 977664209 977642627
X-Cache-Hits: 2091
X-Varnish-Host: varnish04.zappos.net
X-Varnish-ID: drupal
X-Core-Value: 5. Pursue Growth and Learning
X-Recruiting: If you’re reading this, maybe you should be working at Zappos instead. Check out jobs.zappos.com
X-UUID: 68784e3a-e6e5-11e1-84a7-00215e22da70
Content-Encoding: gzip
Content-Length: 25119
Vary: Accept-Encoding
Cache-Control: max-age=1810
Date: Wed, 15 Aug 2012 14:57:22 GMT
Plus, the Zappos website is apparently powered by ponies. But of course.
Zoopla.co.uk
Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Aug 2012 15:05:16 GMT
Expires: Wed, 15 Aug 2012 15:05:15 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
X-Core-Mission: Empowering consumers with the resources they need to make better-informed property decisions
X-Jobs: If you’re reading this, maybe you should be working at Zoopla? Please visit www.zoopla.co.uk/jobs/
X-Powered-By: Passion
Transfer-Encoding: chunked
Connection: keep-alive
Bestylish.com
Date: Wed, 15 Aug 2012 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: NixOS 1.5b Jatinga Release
X-Hire: If you are reading this, maybe you should work with us.
Content-Encoding: gzip
Phew…
Going through HTTP headers to find something odd and interesting is a bit like sifting for gold. You have to go through a lot of dirt, but you can end up with some nice little nuggets along the way. We hope you liked these!
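The sifting described above, as an added example (not code from the original post): it parses captured header blocks, collects every value seen for each non-routine field across responses, and flags values that carry a version string or a private address. The ROUTINE allow-list, the function names and the second sample block are assumptions of the example.

```python
import ipaddress
import re
from collections import defaultdict

# Routine field names; anything else is surfaced. Assumed allow-list for this
# example, not a registry. "server" is left out because finds often live in it.
ROUTINE = {
    "accept-ranges", "age", "cache-control", "connection", "content-encoding",
    "content-language", "content-length", "content-type", "date", "etag",
    "expires", "keep-alive", "last-modified", "link", "p3p", "pragma",
    "set-cookie", "transfer-encoding", "vary", "via", "x-frame-options",
}
VERSION = re.compile(r"\d+\.\d+")               # heuristic: dotted number
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_headers(block):
    """Parse 'Name: value' lines into (lowercased name, value) pairs."""
    pairs = []
    for line in block.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():                # skip blank or malformed lines
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def sift(blocks):
    """Map each non-routine header name to the set of values seen in any block."""
    seen = defaultdict(set)
    for block in blocks:
        for name, value in parse_headers(block):
            if name not in ROUTINE:
                seen[name].add(value)
    return dict(seen)

def discloses(value):
    """Return 'private-ip', 'version' or None for a header value."""
    for candidate in IPV4.findall(value):
        try:
            if ipaddress.ip_address(candidate).is_private:
                return "private-ip"
        except ValueError:                      # e.g. an octet above 255
            continue
    return "version" if VERSION.search(value) else None

# Abridged from the captures above; block two is constructed (a repeat request).
SAMPLES = [
    "Server: Microsoft-IIS/7.5\nX-AspNet-Version: 4.0.30319\nX-PoweredBy: Nerd Rage",
    "Server: Microsoft-IIS/7.5\nX-AspNet-Version: 4.0.30319\nX-PoweredBy: Unicorns",
    "Server: Apache\nX-Powered-By: PHP/5.3.6\nX-Varnish-IP: 192.168.2.60\nAge: 58",
]
```

Calling `sift(SAMPLES)` groups the two X-PoweredBy values under one name, and `discloses` marks the PHP version and the internal Varnish address as the values an operator would normally strip before they reach the client.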
A final little side note: If you like this stuff there’s also a pretty awesome post over at netthing.org about unconventional HTTP headers that you might want to check out.