Pingdom Home

US + international: +1-212-796-6890

SE + international: +46-21-480-0920

Business hours 3 am-11:30 am EST (Mon-Fri).

Do you know if your website is up right now? We do! LEARN MORE

Fun and unusual HTTP response headers

http

HTTP response headers are usually pretty dry reading, but once in a blue moon you do stumble upon something that makes you smile. Here are some of our favorites.

We’ve bolded the interesting parts, and included the other headers for context. (With one exception, cookie headers. We stripped them away since they tend to take up a lot of room.)

Nerd rage

From Myspace.com:

Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: d8de1522726f0073ffa08b0fd1ddb74a61a15ee8d5a534aa
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-PoweredBy: Nerd Rage
Date: Wed, 15 Aug 2012 13:52:47 GMT
Content-Length: 16799

The fun part here is that it varies the responses. We don’t know how many variations there are, but we also got:

  • X-PoweredBy: Unicorns
  • X-PoweredBy: Keebler Elves
  • X-PoweredBy: Charlie Sheen’s Tiger Blood
  • X-PoweredBy: Rats in our Basement

We leave it as an exercise to the reader to find them all. Pokemon for web developers…? ;)

If Batman made web servers

From WordPress.com:

Server: nginx
Date: Wed, 15 Aug 2012 13:49:54 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 13:47:35 GMT
Cache-Control: max-age=161, must-revalidate
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
X-Pingback: http://wordpress.com/xmlrpc.php
Link: <http://wp.me/1>; rel=shortlink
X-nananana: Batcache
Content-Encoding: gzip

The Batcache is actually real software developed in-house by Automattic to help power its blog hosting service.

The X-hacker header, pretty much a smart wanted ad. It turns out that this recruitment trick isn’t unusual. Automattic is casting a pretty wide net since all sites on the WordPress.com platform include it. You’ve probably come upon it in the past.

Speaking of that, GigaOm.com (which uses WordPress.com) has a pretty fun addition to the standard WordPress.com response headers, a kind of recruitment override…

Recruitment override

From Gigaom.com:

Server: nginx
Date: Wed, 15 Aug 2012 14:04:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 14:03:40 GMT
Cache-Control: max-age=241, must-revalidate
X-hacker: If you’re reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
P3P: CP=”GigaOM has a Privacy Policy available at http://gigaom.com/privacy-policy/”
X-PickUsInstead: Cool company, cooler headers, join the team! Send an email to jobs@gigaom.com and mention this header.
X-Pingback: http://gigaom.com/xmlrpc.php
X-nananana: Batcache
Content-Encoding: gzip

More on using response headers as a recruitment tool a bit further down.

Bananas and rum

From Surveymonkey.com:

Server: nginx
Date: Wed, 15 Aug 2012 14:07:37 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Pragma: no-cache
Cache-Control: private, max-age=0, proxy-revalidate, no-store, no-cache, must-revalidate
Expires: Sun, 05 Feb 2012 21:08:19 GMT
RTSS: 1
X-Powered-By: Bananas and Rum
Content-Language: sv
Content-Encoding: gzip

Another response has X-Powered-By: Hodor.

Drop that table

From Reddit.com:

Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Set-Cookie:
Content-Encoding: gzip
Server: ‘; DROP TABLE servertypes; –
Content-Length: 18033
Date: Wed, 15 Aug 2012 13:30:32 GMT
Connection: keep-alive

No comment on that one… :)

Version: 1337

From SME.sk:

Content-Type: text/html
Expires: Wed, 15 Aug 2012 14:15:52 GMT
Cache-Control: public
Content-Encoding: gzip
Content-Length: 20583
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:15:22 GMT
Age: 14
Connection: keep-alive
Server: ninja web server 1.3.3.7

Best version number ever?

Don’t hurt our server!

From Howtogeek.com:

Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 15 Aug 2012 14:16:34 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Etag: “f626-502baee7-18fca4″
Last-Modified: Wed, 15 Aug 2012 14:15:03 GMT
Content-Type: text/html
Content-Length: 12660
X-Geek: What’s black and white and red all over? Please don’t kill our penguin-powered server.
X-Awesome: If you found this header please email us about a writing job.

More recruitment (which we’ll have more of later) but we especially like the little plea to be nice to their server.

Alternative power sources

From Bayfiles.com:

X-Powered-By: hamster.in.boogie.wheel
Content-Type: text/html
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 2144
Date: Wed, 15 Aug 2012 14:18:18 GMT
Server: lighttpd/2.0.0

Green tech?

Wolverine

From Marvel.com:

Server: Apache
P3P: CP=”ALL DSP COR NID CURa TAIa OTPi OUR BUS UNI INT PRE”
Expires: -1
Vary: Accept-Encoding,Cookie
Content-Encoding: gzip
X-ServerNickName: Wolverine
Content-Type: text/html; charset=utf-8
Content-Length: 15078
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:20:43 GMT
Age: 25
Connection: keep-alive

Nice detail by Marvel. Another one the site responds with is X-ServerNickName: Leech, but who doesn’t love Wolverine?

Obscure references

From Collegehumor.com:

Server: Apache
X-Powered-By: PHP/5.3.6
Vary: Accept-Encoding
Content-Encoding: gzip
X-Toynbee-Idea: In Kubrick’s 2001 Resurrect Dead On Planet Jupiter
X-CH-Backend: fe-ch-15.cv.live (70)
Content-Type: text/html
X-Varnish-IP: 192.168.2.60
X-Cacheable: YES
Cache-Control: max-age=0
Content-Length: 17482
Date: Wed, 15 Aug 2012 14:23:28 GMT
X-Varnish: 174924076 174922405
Age: 58
Via: 1.1 varnish
Connection: keep-alive
X-Cache: HIT (6)

To appreciate this one, you need to read up a bit on Toynbee tiles

Tablet hosting

From Mysitecost.ru:

Date: Wed, 15 Aug 2012 14:38:14 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: iPad.3
Content-Encoding: gzip

Probably untrue, but who knows? God knows there are some unusual hosting projects out there.

Cooking with gasoline

From Pcworld.com:

Date: Wed, 15 Aug 2012 15:00:52 GMT
Server: Apache
X-GasHost: gas1
X-Cooking-With: Gasoline-Local
X-Gasoline-Age: 412
Last-Modified: Wed, 15 Aug 2012 14:58:20 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 27690

Charmingly named tech.

Here’s one we caught back in May, but it’s gone now:

What? And no thanks to whom?

From Inquirer.net:

Server: nginx/1.0.4
Vary: Accept-Encoding
Accept-Ranges: bytes
Guyito: does not live here. no thanks to erwin lomibao.
Via: HTTP/1.1 GWA
Date: Fri, 18 May 2012 22:41:52 GMT
Expires: Fri, 18 May 2012 22:41:52 GMT
Cache-Control: max-age=0, no-cache
X-Page-Speed: 35_4_rr
Content-Type: text/html; charset=utf-8
X-XSS-Protection: 1; mode=block
Connection: close

We have no idea what that was about. Seems to have been related to some strange competition

We want to live. Just sayin’

From Telegraaf.nl:

Server: nginx
Date: Wed, 15 Aug 2012 15:03:04 GMT
Content-Type: text/html
Etag: W/”290358-1345042682000″
Last-Modified: Wed, 15 Aug 2012 14:58:02 GMT
Cache-Control: max-age=120
Expires: Wed, 15 Aug 2012 15:03:42 GMT
P3P: policyref=”http://www.telegraaf.nl/w3c/p3p.xml”, CP=”NON DSP COR CURa ADMa DEVa CUSa TAIa PSAa PSDa OUR DELa IND UNI COM NAV INT DEM PRE”
X-Cacheable: Yes:120.004:/
X-Varnish: 1120547193 1120429288
Age: 82
Via: 1.1 varnish
X-Served-By: killer
X-Cache: HIT
Vary: Accept-Encoding
Content-Encoding: gzip

Should we be worried…?

Oh, hai

From Wellsfargo.com:

Server: KONICHIWA/1.0
Date: Wed, 15 Aug 2012 14:52:44 GMT
Content-Type: text/html;charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked

Fun server obfuscation. If you absolutely need to know, you can Google it to find out what it actually is.

HTTP response headers as a recruitment tool

As we said earlier, there are quite a few websites that use these response headers for recruitment purposes. It makes sense if you’re looking for people who are into web tech, doesn’t it?

Automattic is the most famous example, but there are many others. Here is a selection.

Booking.com

Date: Wed, 15 Aug 2012 14:45:05 GMT
Server: Apache
X-Recruiting: Like HTTP headers? Come write ours: booking.com/jobs
Content-Length: 31952
Vary: Accept-Encoding
Cache-Control: private
Content-Encoding: gzip
Keep-Alive: timeout=5, max=94
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

Seomoz.org

Date: Wed, 15 Aug 2012 14:53:51 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.14
Cache-Control: no-cache, must-revalidate
Expires: Sat, 26 Jul 1997 05:00:00 GMT
P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”
X-Recruiting: If you’re reading this, maybe you should be working at SEOmoz instead. Check out www.seomoz.org/about/jobs
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6970
Connection: close
Content-Type: text/html

Exactly the same as the next one. Hmmm?

Zappos.com

Server: nginx/1.1.17
Content-Type: text/html; charset=utf-8
X-Powered-By: Ponies!
X-Varnish-TTL: 60m
X-Varnish: 977664209 977642627
X-Cache-Hits: 2091
X-Varnish-Host: varnish04.zappos.net
X-Varnish-ID: drupal
X-Core-Value: 5. Pursue Growth and Learning
X-Recruiting: If you’re reading this, maybe you should be working at Zappos instead.  Check out jobs.zappos.com
X-UUID: 68784e3a-e6e5-11e1-84a7-00215e22da70
Content-Encoding: gzip
Content-Length: 25119
Vary: Accept-Encoding
Cache-Control: max-age=1810
Date: Wed, 15 Aug 2012 14:57:22 GMT

Plus, the Zappos website is apparently powered by ponies. But of course.

Zoopla.co.uk

Cache-Control: no-cache
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Wed, 15 Aug 2012 15:05:16 GMT
Expires: Wed, 15 Aug 2012 15:05:15 GMT
Pragma: no-cache
Server: nginx/1.2.1
Vary: Accept-Encoding
X-Core-Mission: Empowering consumers with the resources they need to make better-informed property decisions
X-Jobs: If you’re reading this, maybe you should be working at Zoopla? Please visit www.zoopla.co.uk/jobs/
X-Powered-By: Passion
Transfer-Encoding: chunked
Connection: keep-alive

Bestylish.com

Date: Wed, 15 Aug 2012 15:07:26 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Server: NixOS 1.5b Jatinga Release
X-Hire: If you are reading this, maybe you should work with us.
Content-Encoding: gzip

Phew…

Going through HTTP headers to find something odd and interesting is a bit like sifting for gold. You have to go through a lot of dirt, but you can end up with some nice little nuggets along the way. We hope you liked these!

A final little side note: If you like this stuff there’s also a pretty awesome post over at netthing.org about unconventional HTTP headers that you might want to check out.

Top image via ShutterStock.



32 comments
spywerx
spywerx

Купить виниловые наклейки вы можете в Интернет-магазине виниловых наклеек и стикеров 2stick.net. А также вы можете приобрести виниловые наклейки оптом или оформить виниловые наклейки на заказ http://2stick.net/ - Интернет-магазин виниловых наклеек и стикеров 2stick.net http://2stick.net/wholesale - виниловые наклейки оптом http://2stick.net/zakaz - виниловые наклейки на заказ

bigblackfairy
bigblackfairy

@mrManner Passande att jag höll på att konfigurera Varnish precis då :P @pingdom

bigblackfairy
bigblackfairy

@mrManner Passande att jag höll på att konfigurera Varnish precis då :P @pingdom

rcarmo
rcarmo

@FernandoMigueI X-Answer is set.

rcarmo
rcarmo

@FernandoMigueI X-Answer is set.

bortzmeyer
bortzmeyer

@pingdom Illegal headers since RFC 6648 -:)

bortzmeyer
bortzmeyer

@pingdom Illegal headers since RFC 6648 -:)

MrPolakhov
MrPolakhov

@lomalkin Месяца 4 назад обнаружил заголовок от http://t.co/ZJxpSNhW, разгребая курлом ссылку от спамера

MrPolakhov
MrPolakhov

@lomalkin Месяца 4 назад обнаружил заголовок от http://t.co/ZJxpSNhW, разгребая курлом ссылку от спамера

bigBound
bigBound

--; 특이한 해더들이 아니라 그냥 사용자정의 해더들인데요.. QT @xguru: 재미나고 특이한 HTTP 헤더들 http://t.co/8OK1nYkc 어떤 웹사이트라도 적용 가능하겠지만, 오픈API 제(cont) http://t.co/o7bAK2yJ

bigBound
bigBound

--; 특이한 해더들이 아니라 그냥 사용자정의 해더들인데요.. QT @xguru: 재미나고 특이한 HTTP 헤더들 http://t.co/8OK1nYkc 어떤 웹사이트라도 적용 가능하겠지만, 오픈API 제(cont) http://t.co/o7bAK2yJ

MyBlueSky2011
MyBlueSky2011

RT @xguru: 재미나고 특이한 HTTP 헤더들 http://t.co/7QFJ6dqt 어떤 웹사이트라도 적용 가능하겠지만, 오픈API 제공사이트에 적용하면 개발자들에게 또 다른 재미를 제공해줄수도 ;)

MyBlueSky2011
MyBlueSky2011

RT @xguru: 재미나고 특이한 HTTP 헤더들 http://t.co/7QFJ6dqt 어떤 웹사이트라도 적용 가능하겠지만, 오픈API 제공사이트에 적용하면 개발자들에게 또 다른 재미를 제공해줄수도 ;)

SocialCaster
SocialCaster

RT @xguru: 재미나고 특이한 HTTP 헤더들 http://t.co/Hpvcw05R 어떤 웹사이트라도 적용 가능하겠지만, 오픈API 제공사이트에 적용하면 개발자들에게 또 다른 재미를 제공해줄수도 ;)

SocialCaster
SocialCaster

RT @xguru: 재미나고 특이한 HTTP 헤더들 http://t.co/Hpvcw05R 어떤 웹사이트라도 적용 가능하겠지만, 오픈API 제공사이트에 적용하면 개발자들에게 또 다른 재미를 제공해줄수도 ;)

pingdom
pingdom

@jerais Good thing that you're kind to your penguins. :)

pingdom
pingdom

@jerais Good thing that you're kind to your penguins. :)

xguru
xguru

@bigBound 내용에 대해서 표현한거라고 보셔야 ^^;

xguru
xguru

@bigBound 내용에 대해서 표현한거라고 보셔야 ^^;