SEARCH

How-To Geek

Stupid Geek Tricks: Find the Secret Messages in Web Site Headers

Today’s stupid geek trick takes us to the unseen technical world beneath the surface of your favorite websites, and shows us how real geeks hide secret messages in the HTTP protocol headers. We’re talking Serious geek cred here.

Slashdot's Hidden Message

What Are You Talking About?

The thing you probably don’t realize is that behind the scenes, your web browser sends a request to the web server using the HTTP protocol, which is nothing more than a pre-defined set of commands in text format so the browser and web server can communicate.

…but that’s really boring. Which is why the geeks that run various web sites decided to hide messages in those headers just to see if anybody would notice. And some of them are rather fun.

How to See the Hidden Headers

There’s a number of ways to access these headers, the easiest for real geeks is to pop open the command prompt and use the curl utility, available on Linux, Mac OS X, or even Windows—if you don’t mind downloading an additional utility.

The other way to view them is with the Live HTTP Headers add-on for Firefox. 

If you are using the curl method, you can simply type in the following command (that’s a dash and capital i, not an L)

curl –I sitename.com

For instance, if you type in curl –I slashdot.org, you’ll see that they embed random quotes from Futurama into the headers:

image

The blogging platform WordPress uses the header for a useful purpose—they recommend contacting them about a job if you’ve been able to locate the headers:

curl –I wordpress.com

image

My buddy Ross over at SimpleHelp.net expresses his music taste in his header… by now I’m sure you can figure out the command.

image 

Over at the Online Tech Tips site, they’ve got a very important tip for you:

image

The CybernetNews blog tells us that you should tape your thumbs to your hands. I mean, everyone is doing it!

image

Mattias Geniar wants everybody to know who rocks. Turns out, it’s him!

image

The Tux Games site is using subliminal advertising. BUY MORE GAMES!

image

Add a Hidden Message To Your Own Web Site

For those of you rocking a blog running on an Apache web server, and using a .htaccess file, you can actually add your own secret hidden message to your own HTTP headers.

Just open up your .htaccess file, and add the following line (near the beginning for best effect).

Header set X-Nerd “Something Here”

You can change whatever is after the X- to anything you want, like X-Yay or X-SecretStuff, and you can also put whatever message you want between the quotes—though I would keep it nice and short.

Added Bonus: Pull a Random Futurama Quote from Slashdot

So now we’ve figured out how to see the quotes—with a little more command-line magic you can make a script that pulls a random quote from the Slashdot servers. Yes, this script is pretty useless, but it’s fun!

curl -sI slashdot.org | grep -E “X-(B|L|F)”

image

There’s lots of other sites with hidden messages in the headers…

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 11/19/09

Comments (12)

  1. Adrian

    On windows it probably easier to use Fiddler HTTP debugging proxy than curl – that way you can browse at the same time…

    Do i win the prize about Dexter?

    X-Geek: Dexter is the Dark Defender.
    X-Winner: The first person that leaves a comment on that article with the Dexter message gets a $50 Amazon gift card.

  2. Kelvin

    Dexter is the Dark Defender.

  3. Corey

    Dexter is the Dark Defender.

  4. Ken

    “Dexter is the Dark Defender.”

    No way. Am I really first?

  5. The Geek

    @Adrian

    You found the hidden prize! A gift card for $50 should now be in your email inbox. Congrats!

  6. Adrian

    cool!

  7. John

    WordPress is going to get a lot of job applications…

  8. Thomas Eaton

    If your not using firefox, don’t wish to install the plugin, or don’t want to download a program/ know how to use it. Try: http://www.onlinewebcheck.com/check.php Type in the url, and scroll paste all the listed errors and at the bottom is the http header.

  9. wandersick

    curl -sI slashdot.org | grep -E “X-(B|L|F)”

    “Grep” is not there on windows machines, but users can use “findstr /r” instead:

    curl -sI slashdot.org | findstr -r “X-[B|L|F]”

    (the metacharacters are slightly different though)

  10. Milke

    It’s a funny trick !
    I think i will do it !

  11. Andrea

    nice trick I try it :)

  12. factotron

    A quick a ubiquitous way of finding the header info is to use a bookmarklet called quix. Quix was written by WordPress Guru Yoast and makes a whole bunch of stuff easier but it real quick for this.

    If you want to install Quix go to quixapp.com or drag this to your bookmarks bar.

    Give the link a click and then to get the header info you just type h in the box and enter.

Enter Your Email Here to Get Access for Free:

Go check your email!