Does relocation in head stop the rest of the page loading?

Question

I have read a similar question here, but I feel my question is diverse enough to make a second question.

I am wondering if I have a redirection in the header, is the rest of the source code view able. The example I was thinking of, is having a page you only want admins to be able to view, and in that page you have your mysql password in the code that follows. If I redirect in the head, and they somehow stop the redirection, can they still view the rest of the pages source?

Thanks, Avery.

When unsure, use telnet and you will see the raw response. – Oriol Jul 09 '16 at 18:24 — Oriol, Jul 09 '16 at 18:24

score 1 · Accepted Answer · answered Jul 09 '16 at 18:16

If by source you mean like the html that is generated/served by the server then it will always be viewable as other programs, and the browser, will be able to download the code as the meta tags will not affect it downloading. For instance the below:

<meta http-equiv="Refresh" content="0; url=http://www.example.com/?password=1234">
<!-- other html -->

Would be visiable as the html would be downloadable and readable.

If however you mean the server side script code, eg php code in a php file, like below:

<?php
$password = "1234";

then a user would be able view it if:

You have a misconfigured server that just serves the file instead of processing it like passing it through the php processor.
If your code for some reason directly prints a script file
The user uses some security hole

Does relocation in head stop the rest of the page loading?

1 Answers1