header

(PHP 3, PHP 4 >= 4.0.0)

header -- Send a raw HTTP header

Description

int header (string string [, bool replace])

The header() function is used at the top of an HTML file to send raw HTTP header strings. See the HTTP 1.1 Specification for more information on raw http headers.

The optional replace parameter indicates whether the header should replace a previous similar header, or add a second header of the same type. By default it will replace, but if you pass in FALSE as the second argument you can force multiple headers of the same type. For example:


header('www-authenticate: Negociate');
header('www-authenticate: NTLM',false);
      

There are two special-case header calls. The first is the "Location" header. Not only does it send this header back to the browser, it also returns a REDIRECT status code to Apache. From a script writer's point of view this should not be important, but for people who understand Apache internals it is important to understand.


header ("Location: http://www.php.net/"); /* Redirect browser 
                                            to PHP web site */
exit;                 /* Make sure that code below does 
                         not get executed when we redirect. */
      

Note: HTTP 1.1 requires an absolute URI as argument to Location: including protocol, hostname and absolute path. Some clients might accept relative URIs but you definetly should not rely on it. You can usually use $HTTP_SERVER_VARS['HTTP_HOST'], $HTTP_SERVER_VARS['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:


header ("Location: http://".$HTTP_SERVER_VARS['HTTP_HOST']
                       ."/".dirname($HTTP_SERVER_VARS['PHP_SELF'])
                       ."/".$relative_url);
       

The second special-case is any header that starts with the string, "HTTP/" (case is not significant). For example, if you have your ErrorDocument 404 Apache directive pointed to a PHP script, it would be a good idea to make sure that your PHP script is actually generating a 404. The first thing you do in your script should then be:


header ("HTTP/1.0 404 Not Found");
      

PHP scripts often generate dynamic HTML that must not be cached by the client browser or any proxy caches between the server and the client browser. Many proxies and clients can be forced to disable caching with


header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");    // Date in the past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); 
                                                      // always modified
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");                          // HTTP/1.0
      

Remember that the header() function must be called before any actual output is sent, either by normal HTML tags blank lines in a file, or from PHP. It is a very common error to read code with include(), or require(), functions, or another file access function, and have spaces or empty lines that will output before header() is called. The same problem exists when using a single PHP/HTML file.


<?php require("user_logging.inc") ?>


<?php header ("Content-Type: audio/x-pn-realaudio"); ?>
// Broken, Note the blank lines above
      

See also headers_sent()