Share via:

PHP: Header

Send HTTP headers using the PHP header function.


Edited: 2019-11-06 20:22

The PHP Header function is used to send HTTP Headers in response to a HTTP request, typically coming from a browser. Headers must be sent before any output is sent to the browser.

To send a simple header response, such as that used for permanent redirects, we may use the below:

header('HTTP/1.1 301 Moved Permanently');

From PHP 5.4 and up, you should use http_response_code() to set response codes. This is much easier, since you do not have to determine the protocol used by the client, and it eliminates the risk of typos in your code:


Response Codes

Status codes are used to tell the browser if the requested resource exists, has been modified, or if it has been moved to another location.

The standard response for a PHP script is 200 OK, but we can change this using the PHP header function. We would typically do this for caching purposes, or to redirect the request in case the resource was moved. To send a 200 ok message we can do like this:

header('HTTP/1.1 200 OK');

It is also a useful way to deliver error response codes which are easily understood by other services. This could be 404 Not Found or the infamous 500 Internal Server Error. Here are some examples:

  • header('HTTP/1.1 404 Not Found')
  • header('HTTP/1.1 403 Forbidden')
  • header('HTTP/1.1 400 Bad Request')
  • header('HTTP/1.1 500 Internal Server Error')
  • header('HTTP/1.1 301 Moved Permanently')

Header Redirect

Redirects are performed with the HTTP Location Header, usually in combination with the relevant status code, such as the 303 See Other status code.

header(set_protocol() . ' 303 See Other');

The function uses the SERVER_PROTOCOL variable to determine the protocol used by the client:

function set_protocol() {
  $supported_protocols = array(
    'HTTP/2.0' => true,
    'HTTP/1.1' => true,
    'HTTP/1.0' => true,
  $protocol = $_SERVER["SERVER_PROTOCOL"];
  if (!isset($supported_protocols["$protocol"])) {
    $protocol = 'HTTP/1.0';
  return $protocol;

This function will automatically revert to HTTP/1.0 if the protocol is not found in the $supported_protocols array.

Note that the HTTP/1.0 spec does not require a host header to be sent by the client. Servers using a name based Virtual Hosts configuration will probably respond with the default VHOST (if at all). Therefor, you might want to either remove HTTP/1.0 from supported protocols, or try using an IP based VHOST setup instead..

You can remove the protocols not used by your application by removing it from the array. Also, you might want to consider using http_response_code instead since the protocol thing should then be handled automatically by PHP.

See also

  1. HTTP Response Codes – a list of response codes.