
Unusual HTTP Headers

The server’s HTTP response contains not only machine-readable text but sometimes also hidden messages for people. For example, WordPress.com inserts an X-hacker field into the header with the text: "If you are reading this, then you should go to automattic.com/jobs and fill out the questionnaire." Other servers place job advertisements too, for example Gigaom.com. Since it is hosted on WordPress, employers end up competing with each other within the header fields.

Server: nginx
Date: Wed, 15 Aug 2012 14:04:39 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding, Cookie
Last-Modified: Wed, 15 Aug 2012 14:03:40 GMT
Cache-Control: max-age=241, must-revalidate
X-hacker: If you’re reading this, you’ll visit automattic.com/jobs.
P3P: CP="GigaOM has a Privacy Policy available at gigaom.com/privacy-policy"
X-PickUsInstead: Cool company, cooler headers, join the team! Send an email to jobs@gigaom.com and mention this header.
X-Pingback: gigaom.com/xmlrpc.php
X-nananana: Batcache
Content-Encoding: gzip

Here is a fun selection of non-standard HTTP headers on different servers.

The Myspace.com servers return something odd: an X-PoweredBy field that takes on different values:

Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Server: d8de1522726f0073ffa08b0fd1ddb74a61a15ee8d5a534aa
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-PoweredBy: Nerd Rage
Date: Wed, 15 Aug 2012 13:52:47 GMT
Content-Length: 16799

Other options:

The Reddit server tries to hack you even in its HTTP headers.

Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Set-Cookie:
Content-Encoding: gzip
Server: '; DROP TABLE servertypes; --
Content-Length: 18033
Date: Wed, 15 Aug 2012 13:30:32 GMT
Connection: keep-alive

The SME.sk server hints at leet jargon.

Content-Type: text/html
Expires: Wed, 15 Aug 2012 14:15:52 GMT
Cache-Control: public
Content-Encoding: gzip
Content-Length: 20583
Accept-Ranges: bytes
Date: Wed, 15 Aug 2012 14:15:22 GMT
Age: 14
Connection: keep-alive
Server: ninja web server 1.3.3.7

And the Howtogeek.com server touchingly appeals to hackers, asking them not to break it.

Content-Encoding: gzip
Vary: Accept-Encoding
Date: Wed, 15 Aug 2012 14:16:34 GMT
Server: LiteSpeed
Accept-Ranges: bytes
Etag: "f626-502baee7-18fca4"
Last-Modified: Wed, 15 Aug 2012 14:15:03 GMT
Content-Type: text/html
Content-Length: 12660
X-Geek: black and white and red all over? Please don't kill our penguin-powered server.
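
To pick such fields out of a captured response automatically, here is an added example (not from the original article). The STANDARD allowlist is an assumed subset of registered field names, the function names are hypothetical, and SAMPLE is a constructed response modelled on the ones quoted above.

```python
import re

# Assumption: a small subset of registered field names, enough for the
# responses in this article; extend it from the IANA registry as needed.
STANDARD = {
    "accept-ranges", "age", "cache-control", "connection", "content-encoding",
    "content-length", "content-type", "date", "etag", "expires",
    "last-modified", "pragma", "server", "set-cookie", "transfer-encoding",
    "vary", "x-frame-options",
}
# HTTP "token" characters; a Server product is token or token/version.
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
PRODUCT = re.compile(rf"{TOKEN}(/{TOKEN})?")

def parse_headers(raw):
    """Return (name, value) pairs; lines without a colon are skipped."""
    fields = []
    for line in raw.splitlines():
        name, sep, value = line.partition(":")  # split on the first colon only
        if sep and name.strip():
            fields.append((name.strip(), value.strip()))
    return fields

def server_is_wellformed(value):
    """True if a Server value is a whitespace-separated list of products."""
    words = re.sub(r"\([^()]*\)", " ", value).split()  # drop (comments)
    return bool(words) and all(PRODUCT.fullmatch(w) for w in words)

def unusual(raw):
    """List fields that are unregistered or carry a malformed Server value."""
    found = []
    for name, value in parse_headers(raw):
        if name.lower() not in STANDARD:
            found.append((name, "non-standard field"))
        elif name.lower() == "server" and not server_is_wellformed(value):
            found.append((name, "value is not a product token"))
    return found

# Constructed sample, assembled for this example.
SAMPLE = """\
Content-Type: text/html; charset=UTF-8
Set-Cookie:
Server: '; DROP TABLE servertypes; --
X-Frame-Options: SAMEORIGIN
X-AspNet-Version: 4.0.30319
X-Geek: black and white and red all over?
Date: Wed, 15 Aug 2012 13:30:32 GMT
"""

if __name__ == "__main__":
    for name, reason in unusual(SAMPLE):
        print(f"{name}: {reason}")
```

A Server value such as "ninja web server 1.3.3.7" still passes the grammar check, because every word in it is a valid token; only values containing characters like ";" are reported.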

More complete list

Source: https://habr.com/ru/post/149852/

