This post covers the HTTP Headers and Code section of the Web Features chapter when studying for the Zend PHP 7 Certification.
HTTP is a protocol used for transferring data between web servers and client browsers.
The header()
function in PHP sends a raw HTTP header. There are two special-case header calls. The first is a header that starts with the string HTTP/
, which will be used to figure out the HTTP status code to send. For example, the below sends a 404 status.
<?php header("HTTP/1.0 404 Not Found"); // Ensure no code below gets executed
The second special case is the Location:
header. Not only does it send this header back to the browser, but it also returns a REDIRECT (302) status code to the browser unless the 201 or a 3xx status code has already been set.
<?php header("Location: http://www.somesite.com");
The second parameter, replace, indicates whether the header should replace a previous similar header. By default it will replace, but if you pass in FALSE as the second argument you can force multiple headers of the same type.
<?php header('WWW-Authenticate: Negotiate'); header('WWW-Authenticate: NTLM', false);
The third parameter is the response code. A summary of the some of the response codes can be seen below.
<?php // 301 Moved Permanently header("Location: /foo.php",TRUE,301);
If you want the user to be prompted to save the data you are sending, such as a generated PDF file, you can use the Content-Disposition header to supply a recommended filename and force the browser to display the save dialog.
<?php // We'll be outputting a PDF header('Content-Type: application/pdf'); // It will be called downloaded.pdf header('Content-Disposition: attachment; filename="downloaded.pdf"');
PHP scripts often generate dynamic content that must not be cached by the client browser. Clients can be forced to disable caching with the following code.
<?php header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
PHP contains other useful functions regarding header information.
The headers_list()
function will return a list of headers to be sent to the browser/client.
<?php /* setcookie() will add a response header on its own */ setcookie('foo', 'bar'); /* Define a custom response header This will be ignored by most clients */ header("X-Sample-Test: foo"); /* Specify plain text content in our response */ header('Content-type: text/plain'); /* What headers are going to be sent? */ var_dump(headers_list()); // Outputs: array(4) { [0]=> string(23) "X-Powered-By: PHP/5.5.26" [1]=> string(19) "Set-Cookie: foo=bar" [2]=> string(18) "X-Sample-Test: foo" [3]=> string(24) "Content-type: text/plain" }
The headers_sent()
function checks if or where headers have been sent.
<?php // If no headers are sent, send one if (!headers_sent()) { header('Location: http://www.example.com/'); exit; }
header_remove()
removes an HTTP header previously set using header()
.
<?php header("X-Foo: Bar"); header("X-Bar: Baz"); header_remove("X-Foo");
To unset all headers, you can simple use header_remove()
with no arguments.
Note: This article is based on PHP version 7.1.