HTTP Headers in Web Development

At this point, you may not know what HTTP headers are, but you use them all the time, both as an Internet user and as a web developer, even if you are not aware of it. The beginning of this article is a short introduction to HTTP headers, including what they are, and what they do. Later in the article, we cover some common uses of HTTP headers in web development.

PHP will be the scripting language used in the examples.

What Are HTTP Headers?

HTTP headers are an Internet protocol, or set of rules for formatting certain types of data and instructions that can be sent along with a request from a web client or browser, or sent by the server along with a response to a browser. In simpler terms, an HTTP header is a few lines of code that carries information between a browser and a Web server.

HTTP headers are used for communication between the client and server in both directions. They are sent by the client or browser along with the request to the server for a web page or other resource. The resource is usually either a file or dynamic output from a server side script. In the other direction they are sent by the server along with its response to the browser or client request.

{mospagebreak title=What do HTTP headers look like?}

There are two different types of headers, Request headers and Response headers. Their formats differ, but generally they each consist of an opening line, header lines, and a status line. There will be an example of each later in the article.

Each of the items above must start on a new line. In response headers, the HTML or other output to the browser comes after the blank line at the end of the headers.

There may be some confusion, because the individual header directives or fields are also often referred to as "headers." I’m afraid that this article is guilty of that as well because "header directives" is too long.

Here is an example of a request header that might be sent by a web browser to a web server:

GET /index.html HTTP/1.1

Host: www.google.com
From: someone@adomain.com
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)

[blank line above]

It is pretty obvious that what this header does is request the home page of google.com from the server.

The first two lines beginning with GET and Host: are the only ones required under the HTTP/1.1 specification. GET, in the first line, is the method. Another request method you may be familiar with is POST. There are also several others.

There is a required blank line as the last line of the sample request.

Next is an example of an actual response header received from Google.com:


Date: Fri, 27 Jun 2008 00:22:19 GMT

Expires: -1

Cache-Control: private, must-revalidate, max-age=0

Content-Type: text/html; charset=UTF-8

Last-Modified: Fri, 27 Jun 2008 00:22:18 GMT

Etag: 9398183226707537952

Set-Cookie: IGTP=LI=1:LM=1214526139; expires=Sun, 27-Jun-2010 00:22:19 GMT; path=/ig;

domain=www.google.com

Content-Encoding: gzip

Server: igfe

Content-Length: 49301

X-Cache: MISS from proxy2.online.com.kh

Via: 1.0 proxy2.online.com.kh:3128 (squid/2.6.STABLE20)

Connection: keep-alive


200 OK


[HTML Content]


Let’s take a look at each line of this header. The length and scope of this article doesn’t permit going into detail regarding each one of these fields, but here is an overview.

Date: This just shows the date and time that the response was received.

Expires: This is the date and time that the content is considered to be out of date. This is often used for data that is updated at a fixed time, in order to prevent browsers from caching the resource beyond the date and time specified.

Cache-Control: This line contains directives regarding how the content is cached. In this case, because of must-revalidate and max-age = 0, the content is not cached.

Content-Type: This tells the browser what content type(s) to expect, and how it is encoded. It is written as a MIME type.

Last-Modified: When the content was last modified.

Etag: This is short for "entity tag." It is used for determining whether the cached URI is identical to the requested URI on the server.

Set-Cookie: Sets a cookie with expiration date and time.

Content-Encoding: How the content is encoded.

Server: The type of server sending the response.

Content-Length: In bytes.

X-Cache: This has something to do with compression.

{mospagebreak title=How Headers Are Used}

This is nice to know, but how can it be used? Is there some way to set the HTTP response headers? Can one just put them at the top of a web page?

We will address these questions in reverse order.

Can one put HTTP headers at the top of a web page? Not as such, but there is a Meta tag that can be used in the head section of a web page that provides the same functionality, and uses the same syntax. This is the http-equiv tag. This is an example:

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

Notice that it looks very similar to the Content-Type: header in the response that was returned by Google in the example above.

Is there some way to set the "real" HTTP response headers? There are two ways to set them. The first is to set them in the server configuration directives. And the second method is to set them using a web scripting language such as PHP, or Perl.

How can HTTP headers be used in web development? There are numerous uses, both for communication between web page and browser, and communication between web pages.

In the next section, I will provide you with a few examples of the many uses of HTTP headers.

{mospagebreak title=Examples of HTTP Header Usage}

Web Page to Browser

If you have done much scripting with PHP, you have probably used a line like this

  header(‘Location: http://www.somesite.com/page.php’);

in your scripts to redirect the browser to a different page. The part inside the parentheses is actually an HTTP header request header. The PHP header function can be used in the same manner with any http header. The URL specified in the location header above must be an absolute URL. It is a good idea to follow the header function with exit(); in a PHP script, to ensure that the code does not continue to execute after the redirect.

PHP programmers sometimes find that the location header or some other header function fails. The likely reason for this is that it is preceded by browser output. The request header must always be the very first thing that is sent to the browser. The PHP header function sends the header to the browser in the same order as it occurs in the PHP code. Therefore, if the PHP code outputs anything to the browser, even something as minor as a blank line or a cookie, before the code gets to the line containing the header function, the header written by the header function will fail because it wasn’t part of the header’s first output to the browser.

Fortunately for PHP programmers, there are the ob_start() and ob_end_flush() functions which cause the output to the browser to be cached until all of that output for the entire page is assembled, eliminating this problem. The "ob" stands for "output buffering."

ob_start() goes before the beginning of any browser output, and ob_end_flush() goes at the end of the output. For example:

<?php 
ob_start(); //begin buffering the output

 
echo "This is the first browser output to be buffered";  
header(‘Location: http://www.somesite.com/page.php’);

ob_flush(); //output the data in the buffer
?>

As you can see, this would not have worked without the output buffering functions because output would have already been sent to the browser before the header() function. Alternatively, the output_buffering configuration directive can be set in the php.ini or server configuration files.

The Refresh: http header can also be used with the PHP header() function, to redirect the user after a time delay. This example provides a three second delay:

header(‘Refresh: 3; url= http://www.somesite.com/pagetwo.php ‘);

Another very common use of http headers is to prevent browsers from caching the page. This code snippet can be used to prevent it:


<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1

header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past

header(‘Pragma: no-cache’); // HTTP/1.0 (old browsers)
?>

Still another use is to force a "Save File" dialog box with a recommended file name, for downloading a file, using the Content-Disposition: header as in this example:

<?php
header(‘Content-type: application/pdf’);
header(‘Content-Disposition: attachment; filename="downloaded_file.pdf"’);
readfile(‘file_on_server.pdf’);
?>

Between Web Pages

Another area of HTTP header usage is communication between web pages. Request headers are often used for this purpose. At the beginning of this article, you saw the GET method used. Another one you may be familiar with is POST. There are several others, but those two are probably the most useful in web development. The biggest use is "under the hood" in form submissions, which as you know, utilize the GET or POST methods.

Conclusion

In this article, we barely scratched the surface of any aspect of HTTP headers and their usage. For more in depth information on this useful subject, I refer you to the W3C Standard RFC 2616 and to an excellent article in Wikipedia on the subject that contains links to further resources.

[gp-comments width="770" linklove="off" ]
antalya escort bayan antalya escort bayan