How can I tell if a php page was accessed via http or https?
Asked
Active
Viewed 1.2e+01k times
48
-
1If would be useful to know more about your PHP configuration (in which server it's running, for example). – Bruno Oct 28 '10 at 12:44
-
The answers below that only refer to checking $_SERVER["HTTPS"] are not complete. Please see http://stackoverflow.com/questions/1175096/how-to-find-out-if-youre-using-https-without-serverhttps for a complete answer. – AnthonyVO Jan 28 '17 at 14:28
6 Answers
53
If the request was sent with HTTPS you will have a extra parameter in the $_SERVER superglobal - $_SERVER['HTTPS']. You can check if it is set or not
if( isset($_SERVER['HTTPS'] ) ) {
Eran Galperin
- 86,251
- 24
- 115
- 132
-
2The problem with this approach is that it doesn't always work, as the `$_SERVER` documentation says: "The entries in this array are created by the web server. There is no guarantee that every web server will provide any of these; servers may omit some, or provide others not listed here." – Bruno Oct 28 '10 at 13:47
-
If the server is properly configured, is shouldn't be a problem. Better to try this approach first and resort to hacks if it fails – Eran Galperin Oct 28 '10 at 14:14
-
@EranGalperin, You're missing the point. A properly configured server is allowed to omit $_SERVER entries. It's explicitly allowed in the documentation. – Pacerier Mar 06 '15 at 03:11
-
Under some configurations $_SERVER['HTTPS'] will return 'off' when it is HTTP, so that needs to be tested as per Aelios' answer. – xtempore Feb 22 '18 at 02:35
-
@Pacerier: Real life does not work as described in the documentation - no web server that omits $_SERVER['HTTPS'] would be used in any production environment and such a behavior would be filed as a bug, considered as a bug and fixed as a bug - nobody cares whether the documentation says otherwise. – Roland Seuhs Mar 07 '18 at 12:38
48
If your request is sent by HTTPS you will have an extra server variable named 'HTTPS'
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { //HTTPS }
Aelios
- 11,849
- 2
- 36
- 54
-
2
-
You can also use `preg_match('/https|HTTPS/',$_SERVER ["REQUEST_SCHEME"]) == 1` – jking May 31 '20 at 10:45
-
@jking `/https|HTTPS/` obviously overlooks the `i` pattern modifier as a matter of cleaner scripting and best practice. – mickmackusa Jan 24 '21 at 21:43
29
$protocol = strtolower(substr($_SERVER["SERVER_PROTOCOL"],0,5))=='https'?'https':'http';
$protocol = isset($_SERVER["HTTPS"]) ? 'https' : 'http';
These should both work
user23127
- 827
- 10
- 21
Mark Baijens
- 13,028
- 11
- 47
- 73
-
`$_SERVER['SERVER_PROTOCOL']` starts with `'HTTP'` in both the cases. – apaderno Apr 17 '23 at 21:10
4
This can get more complicated depending on where PHP sits in your environment, since your question is quite broad. This may depend on whether there's a load-balancer and how it's configured. Here are are a few related questions:
-
These SO links look they could have been just as easily posted as comment under the question. – mickmackusa Jan 24 '21 at 21:44
1
$_SERVER['HTTPS']
This will contain a 'non-empty' value if the request was sent through HTTPS
Craige
- 2,882
- 2
- 20
- 28
0
You should be able to do this by checking the value of $_SERVER['HTTPS'] (it should only be set when using https).
wimvds
- 12,790
- 2
- 41
- 42
-
1so if I use HTTPS and the server does not create this $_SERVER['HTTPS'] does that mean it's a fake HTTPS? – NaN Oct 14 '13 at 01:08