Web developers are finding innovative ways to engage with their audience all the time, sometimes even beyond the traditional way of content delivery. One of these unconventional approaches is the use of custom HTTP headers, with the X-Recruiting header getting the attention of users navigating various websites.
Unlike the standard HTTP headers, the X-Recruiting header has a unique purpose: it works as a direct communication channel for recruitment.
This custom header, which has been used on sites like PayPal and many others, basically invites users to consider a career change by adding recruitment information in the HTTP response. This is both clever and unexpected, using the often overlooked headers to deliver a personalized message straight to the end-user.
In this article, we will look into the uncommon X-Recruiting header and the potential impact it has on recruitment.
Contents
What is the X-Recruiting header?
As we have explained, the X-Recruiting header is a custom header used to attract potential recruits for a company. Essentially, this header informs the reader that they should visit a specific URL if they wish to apply for a position at the company that included the header.
This is an uncommon practice, and there is very little information about this header on the internet. It is a custom header that falls outside the standard HTTP headers we are all familiar with. In fact, according to Webtechsurvey.com, it’s used by less than 0.1% of the websites out there.
The purpose of the X-Recruiting header is to appeal to individuals who review the headers of websites, a practice typically carried out by web developers, system administrators, and generally, individuals working in the realm of the internet or in companies closely related to internet-based industries.
In this way, those who deploy the X-Recruiting header on their website ensure that those applying for a position at the company have basic knowledge of header visualization, likely accompanied by other skills related to the internet, such as development, system administration, web security, SEO, online marketing, and more.
Custom HTTP headers
In the early days of the internet, standardization of HTTP headers was extremely important for operability. However, as the web evolved, developers wanted more flexibility to transmit custom information.
This need gave rise to the use of custom HTTP headers. Over time, custom headers became a means to expand HTTP functionality, providing developers with a tool to adapt communication between clients and servers to meet specific requirements.
Custom HTTP headers are additional fields in the HTTP header of a request or response that are not standardized by the HTTP specification. While there are standard headers defined by the Internet Engineering Task Force (IETF), developers have the ability to create and use custom headers to transmit information specific to their applications.
All custom HTTP headers should include some common key points, though this isn’t 100% mandatory:
- User-defined information: custom headers are defined by developers or administrators to provide information beyond what is covered by standard headers. They can be used to transmit metadata, control behavior, or include application-specific details.
- Prefix convention: custom headers often use a prefix like “X-” to distinguish them from standard headers. For example, headers such as “X-Auth-Token” or “X-Custom-Header” are common in this context.
- Application-specific use cases: these headers can serve various purposes based on the requirements of the website or company. They may be used for authentication, tracking, logging, security policies and giving special messages.
- Not standardized: since custom headers are not standardized, their interpretation is specific to the site or system that uses them. Different organizations or services may define their own custom headers for unique purposes.
Custom HTTP headers examples:
- Authentication: headers like “X-Auth-Token” might be used to transmit authentication tokens.
- Tracking: the X-Tracking-ID header could carry a unique identifier for tracking user interactions.
- Custom messages: the X-Recruiting header is an example of a custom header used to communicate recruitment messages.
How to configure your own X-Recruiting header
Despite being a custom HTTP header, enabling the X-Recruiting header is actually pretty easy. In fact all custom headers are pretty straightforward to set, the same as standard headers like CSP, so let’s see how to do this in Apache and Nginx.
Enabling the X-Recruiting header in Apache
Start by navigating to the Apache’s sites available directory, keep in mind that the location may be different in your server:
cd /etc/apache2/sites-available/
Open the configuration file for your website using your favorite text editor, we’re using nano in this example:
nano your_domain_config_file.conf
Add the following line inside the VirtualHost block:
Header always set X-Recruiting "Your custom recruitment message"
Obviously, you have to replace “Your custom recruitment message” with the message you want to display.
Save and exit the editor.
If you don’t have a custom .conf file for your site and instead use Apache’s main config file, just edit it the same way and make the mentioned changes in your site’s VirtualHost block.
Restart Apache to apply changes:
systemctl restart apache2
How to set the X-Recruiting header in Nginx
Navigate to the Nginx configuration directory:
cd /etc/nginx/conf.d
Open your site’s configuration file using a text editor like nano or vim.
nano your_domain_config_file.conf
Add the following line inside the server block:
add_header X-Recruiting "Your custom recruitment message";
Don’t forget to replace “Your custom recruitment message” with the message you want to display.
Save and exit the editor.
Now test Nginx’s config:
nginx -t
Make sure there are no syntax errors and proceed to restart Nginx:
systemctl restart nginx
Check your X-Recruiting settings
Checking this is pretty simple, just follow our guide:
- Access our web misconfiguration scanner.
- Type your domain in the scan box.
- Now tick the two boxes below, which are named ‘Clear cache’ and ‘Follow redirects’.
- Hit the Scan button.
- Now you have to scroll down to the section named ‘HTTP Security Headers’, and look for your ‘X-Recruiting’ test results: if you got a ‘Passed’ in green it means your header is set properly, if you get an ‘Info’ in blue it means the header is not set, but remember that this particular header has no impact in security.
X-Recruiting header FAQ
Despite there being very little info about the X-Recruiting header on the Internet, let’s see some of the most common questions related to this custom header.
Is the X-Recruiting header a standard HTTP header?
No, the X-Recruiting header is not a standard HTTP header defined by the Internet Engineering Task Force (IETF). Instead, it falls under the category of custom headers, which are specific to individual applications, organizations or companies. While standard headers serve universally recognized purposes in the HTTP protocol, custom headers like X-Recruiting are created and utilized by developers for unique communication purposes.
How common is the X-Recruiting header?
Pretty uncommon. It is a specialized header that is often employed by certain websites or companies for recruitment purposes. The existence of this header depends on the individual strategies and practices of those seeking to engage with potential candidates through their web sites.
While it may not be a common practice, the X-Recruiting header has received attention for its particular approach to reaching out to individuals exploring a website. Its uncommon nature helps in capturing the interest of those who actively inspect HTTP headers.
Summary
Unlike regular headers, the X-Recruiting one is pretty unique: it directly talks about job opportunities. It’s also one of the most uncommon headers out there, mostly used by certain websites for hiring, and we can see it as a smart strategy used by these sites to connect with potential job candidates.
Custom HTTP headers in general have been evolving over the course of the Internet’s history to satisfy the need for some custom headers that aren’t part of the common spectrum of HTTP headers.