Unexpected HTTP Headers

A couple of days ago I was poking around a Creditkarma blog and noticed this HTTP header:

X-hacker: If you're reading this, you should visit wpvip.com/careers and apply to join the fun, mention this header.


My first thought was: “Wow, programmers once introduced the millennium bug to save a few bits on the date, and now a company publishes whole job offers in an HTTP header!”

I became very interested, and I did some research.

This particular header seems to be “standard” if you host the site on WordPress VIP, the WordPress hosting service run by Automattic. The same header can be found on many well-known sites, such as:


Website developers and website owners can disable it, but to be honest, I doubt that they even know that this header is included in every HTTP packet. And of course, the second thought came right away: to check whether other companies have any creative headers.

The results are amazing!

You can find various job offers in the HTTP headers.


Yes! The coolest companies in the world seem to publish job offers in the "standard" HTTP header x-recruiting.

Here are some examples:

PayPal.me

x-recruiting: If you are reading this, maybe you should be working at PayPal instead! Check out www.paypal.com/us/webapps/mpp/paypal-jobs

Booking.com

x-recruiting: Like HTTP headers? Come write ours: careers.booking.com

Etsy.com

x-recruiting: Is code your craft? www.etsy.com/careers

Otto.de

x-recruiting: Seems you like http headers. To write ours, apply at job.otto.de and mention this header.

Want to see the full list? For that, I opened a repository on GitHub.

In addition to job offers, more creative things were found in the research process. They really excited me as a big fan of mysterious nonsense.

Mysterious HTTP Headers


The 9kw.eu website, which seems to be a captcha provider, displays the secret message "42":

X-Secret-Message: 42

istreetview.com is no longer supported, but the address of the secret web form can be found in the header.

X-Secret-URL: https://appio.link/secret

I wrote them my answer ...

On thetradersdomain.com there is a “hidden sauce” in the headers, but this is confidential:

x-secret-sauce: Confidential

On images-dnxlive.com there are a few more “secret” links in one of the HTTP headers:

X-Secret-Message: camscv.dnxnetwork.lu

If you like luxury cars, here's jaguar.ro with a header for detecting bots:

X-Bot: false

But this method does not work very well and fails if you replace the user-agent (sorry, guys from Jaguar).

And yet ... have you ever seen a server with a nickname? There are a couple here:

X-men.com

X-ServerNickName: clint

Howgoodisyourseo.com

X-ServerNickName: The Internet

And the last, but also interesting, example. Our friends from m.bidorbuy.co.ke expressed their passion in the HTTP headers:

x-powered-by: Passion and tiny cute kittens
x-servernickname: The Beast
x-hacker: If you are reading this, maybe you should be working at bidorbuy instead
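
For site owners who want to know which headers of this kind their own stack sends, here is an added example (not code from the original post) that parses a raw response head and reports every header outside an allowlist. The `EXPECTED` and `DISCLOSES_STACK` sets and the sample response are assumptions constructed for illustration; the three `x-*` lines are the ones quoted above, with the last one folded to exercise continuation handling.

```python
# Added example: flag response headers that are not on an operator's allowlist.
# EXPECTED and DISCLOSES_STACK are assumptions for illustration; tune per site.
EXPECTED = {"date", "content-type", "content-length", "cache-control",
            "strict-transport-security", "set-cookie", "vary"}
DISCLOSES_STACK = {"server", "x-powered-by", "x-servernickname"}

# Constructed response head; the x-* header lines are the ones quoted in the post.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Cache-Control: max-age=300\r\n"
    "x-powered-by: Passion and tiny cute kittens\r\n"
    "x-servernickname: The Beast\r\n"
    "x-hacker: If you are reading this, maybe you should be working\r\n"
    " at bidorbuy instead\r\n"
    "\r\n"
    "<html>body is ignored</html>"
)

def parse_head(raw):
    """Return [(lowercased name, value), ...] from a raw HTTP response head."""
    headers = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line:                       # blank line ends the head
            break
        if line[0] in " \t" and headers:   # obsolete folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:                            # ignore lines without a colon
            headers.append((name.strip().lower(), value.strip()))
    return headers

def audit(raw, expected=EXPECTED):
    """Return (name, value, reason) for each header worth a second look."""
    findings = []
    for name, value in parse_head(raw):
        if name in DISCLOSES_STACK:
            findings.append((name, value, "describes the server stack"))
        elif name not in expected:
            findings.append((name, value, "not on the allowlist"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit(SAMPLE):
        print(f"{name}: {value!r} -> {reason}")
```

To check a site you operate, save the output of `curl -sI` for it and pass that text to `audit`.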


Bonus


Many trendy IT companies seem to have additional HTTP headers, most of which contain job offers.

Therefore, I thought it would be great to add an additional header to this site!

Interesting? Check it out for yourself!

Thanks for reading!
