A friendly decoder for Imperva's cryptic X-Iinfo headers. Ever wonder what those mysterious 4-character codes mean? This tool explains what's happening with your Imperva-protected website in plain English.
When Imperva (a web application firewall and CDN) protects your site, it adds an X-Iinfo header to responses. This header contains a 4-character code that tells you:
- How Imperva connected to your server (new connection vs. reused)
- Whether content was cached (and how)
- If compression was applied
- Whether connections were pooled for efficiency
This script fetches that header, decodes it, and explains what it means for your site's performance.
# Clone or download the script
chmod +x wtf-imperva.shMake 3 requests to see performance patterns:
./wtf-imperva.sh https://example.comDisplay the response body to check if you're being blocked or getting a captcha page:
./wtf-imperva.sh https://example.com --show-bodyDisplay Imperva-specific and caching-related HTTP headers (X-Iinfo, Cache-Control, Vary, Content-Encoding, Expires, ETag, Age). Also explains Cache-Control directives in plain English. Useful for debugging cache behaviour:
./wtf-imperva.sh https://example.com --show-headerExample output includes:
- All Imperva and caching headers
- Notification if headers changed across the 3 requests
- Detailed explanation of each Cache-Control directive (e.g., "max-age=120: Cache for 120 seconds (2 minutes)")
Parse an X-Iinfo header value directly without making HTTP requests. Useful when you've copied the header from browser DevTools:
./wtf-imperva.sh --parse-header "13-93250135-93234797 2CNN RT(1758777477663 60) q(0 0 0 -1) r(0 0)"You can combine flags:
./wtf-imperva.sh https://example.com --show-body --show-header🔍 WHAT HAPPENED WHEN SOMEONE VISITED YOUR SITE
================================================
🔗 How Imperva Connected to Your Website (1st char: 'N'):
❌ Made a brand new connection to your website's server
💾 Was Your Content Already Saved in Imperva's Cache? (2nd char: 'N'):
❌ Had to get fresh content directly from your website's server
🗜️ Was Your Content Compressed to Save Bandwidth? (3rd char: 'Y'):
✅ Content was squeezed smaller to load faster and use less data
🔄 Did Imperva Reuse an Existing Connection? (4th char: 'N'):
❌ Had to establish a brand new connection (takes a bit longer)
🚀 WHAT THIS MEANS FOR YOUR WEBSITE'S SPEED
===========================================
🐌 Slower: Had to get content fresh from your server (but most up-to-date)
💨 Content was compressed - saves data and loads faster
🔌 Created new connection - standard speed
N= New connection to origin serverE= Reused existing connection (faster)F= Fresh connection from poolP/S= Pooled/reused connection (fastest)0= Served from cache (no origin connection needed)2= Served from local cache server3= Served from specialized cache layer
C= Fresh cached content (fastest)c= Stale content, refreshing in backgroundV= Validated with origin serverN= Not cached, fetched from origin
Y= Content compressed (faster, less bandwidth)N= Not compressed (slower, more bandwidth)
Y= Reused existing connection (faster)N= New connection created (standard)
- Performance debugging: Understand why some requests are slow
- Cache verification: Check if your content is being cached properly
- Cache-Control understanding: Get plain-English explanations of caching directives
- Bot detection: See if automated requests are treated differently
- Compression testing: Verify compression is working
- Pattern analysis: Make multiple requests to see how Imperva adapts
bashcurlgrep,sed,cut(standard Unix tools)
- Make multiple requests to see how Imperva's behaviour evolves
- Use
--show-bodyif you suspect bot blocking - Use
--show-headerto understand cache configuration and see if headers change between requests - Check if curl requests differ from browser requests
- Look for patterns: first request often shows
N(new), subsequent requests may show cached/pooled connections
MIT
Found a new status code? Submit a PR or open an issue!