Webshop Blog
PHP Header(), Beyond Redirect
If you are a web developer and you’ve ever worked with PHP you have probably come across the PHP header() function in the past. You most likely used it to implement a hard redirect; but you may not have understood exactly what was happening behind the scenes every time you call this handy function. Let’s take a look at what the header() function does and find some uses for it other than its most common use–redirects.
What is the header() Function?
The header() function is used to send raw HTTP headers to the browser or replace other ready-to-send HTTP headers. If you are unfamiliar with HTTP headers, you may find it beneficial to browse through the Header Field Definitions section of the HTTP/1.1 spec.
What Are HTTP Headers?
HTTP headers are the foundation of HTTP (Hypertext Transfer Protocol), which the entire World Wide Web is built on. Every time you go to a webpage, just as when you came to this one, your browser sends the server a request carrying a number of headers, and in turn receives an HTTP response with headers of its own. These headers contain information about the client browser, the server, and the document that the browser requested from the server.
Here’s an example of what some HTTP headers might look like:
| Response Headers | |
|---|---|
| Date | Fri, 04 Dec 2009 21:06:21 GMT |
| Server | Apache |
| X-Powered-By | PHP/5.2.9 |
| X-Pingback | http://17webshop.com/xmlrpc.php |
| Keep-Alive | timeout=5, max=99 |
| Connection | Keep-Alive |
| Transfer-Encoding | chunked |
| Content-Type | text/html; charset=UTF-8 |

| Request Headers | |
|---|---|
| Host | 17webshop.com |
| User-Agent | Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_5_8; en-us) AppleWebKit/531.9 (KHTML, like Gecko) Version/4.0.3 Safari/531.9 |
| Accept | text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 |
| Accept-Language | en-us,en;q=0.5 |
| Accept-Encoding | gzip,deflate |
| Accept-Charset | ISO-8859-1,utf-8;q=0.7,*;q=0.7 |
| Keep-Alive | 300 |
| Connection | keep-alive |
A Closer Look at header()
In this post, I would really like to focus on uses for header() other than redirect, but we’ll use it as a jumping off point, since many readers will be familiar with it. When you call header() to implement a redirect, your call will be something similar to this:
header( 'Location: http://www.mysite.com/path/to/redirected/page/index.php' ); exit();
What actually happens when you run the code above is that you send a “Location” response header to the browser (along with a 302 status code) with a value of “http://www.mysite.com/path/to/redirected/page/index.php”.
A quick aside: I have noticed many coders do not include a call to exit() after header() is called. PHP does not require it, but it is considered a best practice: header() only sends the header and does not stop the script, so everything after the call still runs. In the event that your redirect fails, you will more than likely want to keep the rest of the script from executing. Another note: the HTTP/1.1 spec requires that the value for the “Location” header be an absolute URI (i.e., one that contains scheme, hostname, and path). While many environments will accept a relative URI, I would recommend that you use an absolute URI for maximum script portability and adherence to the specification.
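The exit() point above matters most on pages that redirect unauthenticated visitors. The following is an added example, not code from the original post; is_logged_in(), redirect_and_exit() and the example.com login URL are hypothetical names chosen for illustration.

```php
<?php
declare(strict_types=1);

session_start();

// Placeholder URL for this example (absolute, as the post recommends).
const LOGIN_URL = 'https://www.example.com/login.php';

// Hypothetical session check for this example.
function is_logged_in(): bool
{
    return isset($_SESSION['user_id']);
}

// Send the redirect and stop. header() only sets a response header; it does
// not end the script, so the exit is what keeps the code below from running.
function redirect_and_exit(string $url, int $status = 302): void
{
    // If output has already started, header() would only raise a warning and
    // the redirect would never be sent. Log where it started and fail closed.
    if (headers_sent($file, $line)) {
        error_log("redirect to {$url} failed: output started at {$file}:{$line}");
        exit;
    }
    header('Location: ' . $url, true, $status);
    exit;
}

// Pattern to avoid (kept as a comment): with no exit, the protected code
// below still executes and its output is sent in the body of the 302
// response, whether or not the client follows the redirect.
//
//     if (!is_logged_in()) {
//         header('Location: ' . LOGIN_URL);
//     }

if (!is_logged_in()) {
    redirect_and_exit(LOGIN_URL);
}

// Only reached by authenticated sessions.
echo 'Account settings for user ' . (int) $_SESSION['user_id'];
```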
A Few Additional Uses for header()
Let’s take a look now at a few fun/useful headers we can send.
Status Codes
header('HTTP/1.1 200 OK');
You can send raw status codes to the browser by using the method above. This can be useful if you are using a PHP script as a landing page for your 404 NOT FOUND errors, and you want to replace the previously sent 404 NOT FOUND status code with a fresh 200 OK.
Content-Type:
header('Content-Type: application/pdf');
The Content-Type header is used to define the MIME type of a document. This helps the browser know how to interpret the data it receives so that you can view it in its intended form. For example, an image file is displayed differently than an HTML file. The header above would indicate a PDF document.
Content-Disposition:
header('Content-Type: application/zip');
header('Content-Disposition: attachment; filename="downloadMe.zip"');
Send the Content-Disposition header if you would like to prompt the user to download a file, such as an image, an Excel spreadsheet, or a PDF (which you should define with the previously mentioned “Content-Type” header).
Content-Length:
header('Content-Type: application/zip');
header('Content-Length: 38724');
header('Content-Disposition: attachment; filename="downloadMe.zip"');
Content-Length is another header that should be used when prompting a user to download a file. This header defines the size of the file to be downloaded (in bytes) and is used by browsers when downloading files to tell the user how much of the download has completed. Have you ever noticed how sometimes your browser’s download manager will tell you how far a file download has progressed (something like “43% Complete”), and sometimes it will only say something to the effect of “458kb of ? have been transferred”? The culprit in this scenario is developers neglecting the implementation of the Content-Length header. In my opinion, it is a simple courtesy to include this header in your scripts involving file downloads.
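The three download headers above, combined in one script: an added example, not code from the original post. The DOWNLOAD_DIR path, the `file` request parameter and the send_download() helper are assumptions; the script takes Content-Length from the real file size and keeps request data out of both the file path and the header value.

```php
<?php
declare(strict_types=1);

// Hypothetical storage directory for this example, outside the web root.
const DOWNLOAD_DIR = '/var/www/private/downloads';

function send_download(string $requested): void
{
    // basename() drops any directory part of the requested name, and the
    // realpath() comparison confirms the resolved file is inside DOWNLOAD_DIR.
    $name = basename($requested);
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . $name);

    if ($name === '' || $base === false || $path === false || !is_file($path)
        || strncmp($path, $base . '/', strlen($base) + 1) !== 0) {
        http_response_code(404);
        exit;
    }

    // Keep only characters that are safe inside the quoted filename
    // parameter; quotes, CR and LF must never reach a header value.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', $name);

    // This example serves zip archives only, as in the post's snippet.
    header('Content-Type: application/zip');
    // Real size in bytes instead of a hard-coded number.
    header('Content-Length: ' . filesize($path));
    header('Content-Disposition: attachment; filename="' . $safeName . '"');
    // Tell the browser not to guess a different type from the content.
    header('X-Content-Type-Options: nosniff');

    readfile($path);
    exit;
}

send_download((string) ($_GET['file'] ?? ''));
```

If output compression or output buffering rewrites the body, the byte count sent will no longer match filesize(), so disable those for download responses.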
Cache-Control:
header('Cache-Control: max-age=3600, public');
The Cache-Control header is used to define rules for caching the document it relates to or resides in. You can enable, disable or limit caching by using a number of directives such as public to enable caching by anyone, or no-cache to disable caching for everyone. More info on these directives and more can be found here.
Conclusion
Hopefully, you have discovered a few new things about HTTP headers and what you can do with PHP’s header() function. Remember, headers must be sent before any other output, so make sure to place them at the top of your script or before any html tags or whitespace. This includes anything included via include(), require(), include_once(), and require_once(). Even a space will throw an error.

Here is an article I wrote on HTTP Headers:
http://net.tutsplus.com/tutorials/other/http-headers-for-dummies/
A quick aside: I have noticed many coders do not include a call to exit() after header() is called. This isn’t necessary, but it is considered a best practice. In the event that your redirect fails, you will more than likely want to keep the rest of the script from executing.
You should always have exit(); after a header redirection as it can then become a security flaw. I have successfully gained access to a backend system because the developer didn't kill the script after he redirected the user to a failed login page.
Great article, use of headers in PHP is overlooked by most developers.
My PHP is a bit rusty, but aren’t you missing some quotes?
:)