Redirect to page and send custom HTTP headers

Question

I use the following code to redirect to a page in PHP. I need to set a custom HTTP headers to pass along with the redirect.

header("Location: http://...");

How can I archive this?

I tried adding it before and after the redirect, I then use HttpFox on Firefox but see that the HTTP headers aren't being sent. — Lennie, Sep 28 '11 at 13:23
Are you trying to send data with your redirect? Why don't you use php sessions? — T9b, Oct 04 '11 at 10:39

sepehr · Answer 1 · 2021-08-19T05:09:19.350

I'm afraid, all the answers are wrong and misleading!

It's impossible to redirect to a page with custom headers set, no matter what language or framework you use. In other words, there's no way to trigger an HTTP redirect and cause the client (browser) to add a custom header.

You might be thinking that using multiple header() calls should work just fine. But it won't. You're setting the custom headers for the response which is instructing the browser to redirect, not for the redirect itself.

The only way for a site to instruct a browser to issue an HTTP request with a custom header is to use Javascript and the XMLHttpRequest object. And it needs CORS implemented on the target server to allow such ajax requests.

Please note that a page can not set HTTP request headers unless it's making an async request using XMLHttpRequest. Meaning that you can't do such redirection with the custom header on the client-side as well.

Is this due to security reasons? – azmeuk Aug 29 '22 at 12:39 — azmeuk, Aug 29 '22 at 12:39
So ? should the website be a single page application ? – f_s Apr 07 '23 at 13:39 — f_s, Apr 07 '23 at 13:39

score -10 · Answer 2 · answered Sep 28 '11 at 12:50

-10

Just add additional header() calls after or before this one.

header("Location: http://...");
header("Content-Type: text/plain");

answered Sep 28 '11 at 12:50

genesis

50,477
20
96
125

1

`header("Location: http://...");` will redirect before the second line run. – wpcoder Oct 27 '17 at 18:15
1

it is not possible – Ankit Kumar Oct 01 '19 at 09:07
@genesis gone? where?? is everything OK? – Alexander Dec 30 '20 at 22:58

hakre · Accepted Answer · 2022-07-02T17:50:02.933

-18

This question needs to be answered differently as depending from where you're looking the answer is different:

Redirect Response (PHP)

As far as you're concerned about the redirect response (and not the request that may be triggered by a redirect response)

Multiple header^Docs calls:

header("Location: ....");
header("Header2: ....");
header("Header3: ....");
...

New Request triggered by a Redirect Response (Browser, HTTP client)

If you're looking for the new request that has been triggered by a redirect response, please consult your HTTP clients technical documentation for your options.

Commonly, HTTP clients do not offer any such options, that is most HTTP clients do not turn response headers into request headers in case one of the response headers is a Location: header and a status code in the 3xx range.

This would not make any sense anyway as such practice would be unsafe.

Especially on the level of interactive HTTP clients (like a browser) that automatically perform redirects without approval of the user. See HTTP, compare Fetch API.

Further reading: https://ec.haxx.se/http/http-redirects

edited Jul 02 '22 at 17:50

answered Sep 28 '11 at 12:51

hakre

193,403
52
435
836

2

What didn't work for you? Please post your code. I can't guess out of the blue what you're doing wrong. – hakre Sep 28 '11 at 13:25
header("VIA: maga"); header("X_MSISDN: +27000000000"); header("X_UP_CALLING_LINE_ID: +27000000000"); header("Location: url"); – Lennie Sep 28 '11 at 13:51
You need to disable automatic redirects in firefox to actually see which response headers are send. If you don't, Firefox will do a second request to the URI given in the `Location` header which is a different thing then. You can disable the automatic redirect temporarly by commenting out the `Location` header or you can disable it by installing a little Add-On: [NoRedirect 1.2.4 Toolpress Strict Edition (Firefox Add-On)](http://toolpress.de/tools/noredirect-1.2.4-fx+sm+toolpress-strict-edition.xpi.html) – hakre Sep 28 '11 at 13:57
8

It doesn't work because you can't set custom HTTP headers for a redirect. Never! – sepehr Dec 19 '16 at 08:16
Sounds a bit as if op got puzzled between request and response headers. – hakre Dec 19 '16 at 09:14
This is not the correct answer, if your response is interpreted by an agent. If you examine the response with a very low-level http client, you may be able to extract the added headers. – Luis Muñiz Aug 13 '19 at 14:01
@BretRoyster: Please see this old comment here: https://stackoverflow.com/questions/7583461/redirect-to-page-and-send-custom-http-headers/7583497?noredirect=1#comment9198044_7583497 --- response headers can be send with any HTTP response, and if the HTTP client creates another request, it's a new thing. – hakre Jun 18 '20 at 14:12
@hakre - deleted my last comment – Bret Royster Jun 19 '20 at 15:11
@sepehr: Not _for_ a redirect, and I never wrote that it's possible _for_ a redirect. But it is perfectly technically possible to send other (custom) response headers _and_ the `Location` response header (e.g. `X-Example-....`). The location header represents the redirect to another page, and the other headers _are_ custom headers. This qualifies the _and_ in question title. If that may make no sense is a different judgement apart from properties of the protocol in use which has been asked for. Don't shoot the messenger. – hakre Jul 16 '21 at 21:47
1

@hakre: I have no idea what I talked about back then and how these things work anymore But I trust you have a point there. – sepehr Jul 18 '21 at 08:04

Redirect to page and send custom HTTP headers

3 Answers3

Redirect Response (PHP)

New Request triggered by a Redirect Response (Browser, HTTP client)

Linked