PHP‘s header() function allows developers to redirect users to a different page by setting the Location header in the HTTP response. This server-side redirect is useful for changing domains, implementing HTTPS, or simply sending users to another page on your site.
In this comprehensive guide, we‘ll cover everything you need to know about header location in PHP including:
- What is a header location redirect
- How to use the header() function for redirects
- Controlling status codes and cache behavior
- Temporary vs permanent redirects
- Best practices for clean implementation
- Comparisons to other redirect methods
- Specific use cases and examples
- Fallback procedures for failed redirects
What is a Header Location Redirect?
When a user requests a page on your site, the web server sends back an HTTP response containing the headers and content of the page. The headers include metadata about the response like the status code and information that tells the browser how to handle the content.
PHP allows setting a Location header that tells the browser to redirect to a new URL rather than loading the content of the current page. Essentially you are changing the location that the browser will retrieve next before any output is sent.
Here is an example 301 permanent redirect using the header() function:
<?php
header("Location: https://example.com/new-page.html", true, 301);
exit();This code sends a 301 Moved Permanently response back to the browser with the Location header set to the new URL. The browser will automatically request the new page without any visible redirection notice.
Setting header location from PHP happens completely on the server-side. The end user just sees their browser loading the new destination page. This makes redirects fast, seamless, and convenient without messy visible redirects.
How to Redirect with the header() Function
PHP‘s header() function sends raw HTTP header strings back to the client. Using it to set the Location header provides an easy way to program redirects.
Here is the basic syntax:
header(string $header, bool $replace = true, int $status_code = 302)Let‘s break down each parameter:
$header(required) – The header string to send, e.g."Location: /newpage.html"$replace(optional) – Whether to replace previous headers, defaults to true$status_code(optional) – The HTTP status code to use, defaults to 302
When outputting the header, here are some key things to note:
- Any whitespace after the header type (Location) will result in failure.
- The
header()call must happen before any output is sent to browser, otherwise it will fail silently. - After setting the location, outputting any content will likely break the redirect.
- An
exit()ordie()after the redirect is recommended to prevent execution of further code.
Here is an example 301 permanent redirect with all parameters used properly:
<?php
header("Location: /newpage.html", true, 301);
exit(); This sends an HTTP 301 status to browsers, replaces existing headers, redirects to the new cleaned URL, then halts execution to ensure the redirect executes properly.
Controlling Redirect Status Codes and Caching
By default PHP will send back a 302 Found status when setting the Location header for redirection. But other codes can be used to better communicate permanence and control caching.
301 Moved Permanently
A 301 status indicates a resource has moved permanently telling both users and search engines to update references:
header("Location: /newpage.html", true, 301); Ideally 301s should be used whenever sites rebuild URLs or migrate content to new locations. This prevents old links from going stale.
Note: Browsers may cache 301 redirects unlike 302 temporary codes. The cached response will persist until cache clears or expires.
302 Found (Default)
A 302 is best for unconditionally temporary redirects when resources may move back to original URLs in future.
Browsers will follow 302s automatically but won‘t permanently update cached links to the redirected pages making them temporary by nature.
header("Location: /maintenace.html", true, 302); For example, putting a site in maintenance mode should use a 302 so you can remove the redirect once maintenance completes without having to recache all pages.
303 See Other
A 303 See Other status preserves the original request method like POST after redirecting unlike 302 and 301 which use GET requests after redirecting by default.
Use 303 when you care about keeping POST data intact:
header("Location: /response.php", true, 303);For example when processing a form POST submission, handling the POST data on a different endpoint could use a 303 redirect to link to the response page.
There are other valid redirect code options but 301, 302, and 303 cover many common redirect scenarios in PHP.
Best Practices for Clean and Scalable Implementation
Properly handling redirects in your application will keep things flexible and reusable as things change. Here are some best practices:
Use Relative Paths/URLs
Where possible avoid full URLs for headers. Instead use relative paths and URLs without domains:
header("Location: /newpage.php");Hardcoding full URLs makes moving or deploying the app to new domains more difficult. Relative paths avoid this.
Centralize Redirect Logic
Scattered header() calls end up duplicative and messy. Instead centralize redirects into reusable classes:
class Redirector {
public function to($path, $code = 302) {
header("Location: $path", true, $code);
exit();
}
}
$r = new Redirector;
$r->to(‘/login.php‘, 301); // Redirect!This abstracts all redirect handling into one place for DRY and flexible reuse.
Use Exceptions
Calling exit() after header() halts execution which can cause confusion. Instead:
function redirect($url, $code = 302) {
throw new RedirectException($url, $code);
}
try {
redirect("/home");
} catch (RedirectException $e) {
header("Location: " . $e->getUrl(), true, $e->getCode());
exit();
}Here we throw an exception to trigger redirect handling instead of a confusing hard stop.
Check Headers Not Sent
Always check if headers have already been sent before attempting a redirect:
if (!headers_sent()) {
// Redirect
} else {
// Fail gracefully
}If headers are sent, calling header() will fail silently leading to weird issues.
Have Fallback Plans
In production it‘s good practice to have backup procedures in case header redirects fail:
try {
redirect("/home");
} catch (RedirectException $e) {
// 1. Try header redirect
if (!headers_sent()) {
// Do header redirect
}
// 2. Fallback to JS redirect
echo "<script>window.location = ‘/home‘;</script>";
// 3. Final fallback page
echo "Redirect failed! Please click <a href=‘/home‘>here</a> to continue.";
}This gives us multiple levels of fallbacks if redirects don‘t work properly.
Following these best practices will ensure your PHP redirects work predictably across environments and deployments.
How Header Redirects Compare to Alternatives
Header redirects are not the only way to redirect in PHP. For example, two common alternatives are:
.htaccess RewriteRule
Apache .htaccess files can be used to rewrite inbound requests. For example:
RewriteEngine On
RewriteRule ^oldpage\.php$ /newpage.php [R=301,L]This transparently redirects any requests for /oldpage.php to the new page with a 301 moved permanently status.
.htaccess Pros:
- Works the same across different languages and frameworks
.htaccess Cons:
- Requires access/changes to server config files
- Not as portable between different servers
- Can be slower than header redirect
HTML Meta Refresh
HTML meta tags can also trigger redirects from client-side:
<meta http-equiv="refresh" content="0;url=/newpage.html">This causes the browser to redirect to the specified page after 0 seconds.
Meta Refresh Pros:
- Simple to add to existing pages
- Supported by all browsers
Meta Refresh Cons:
- Requires full page load first so slower
- Not great for accessibility
- Can be blocked/stripped by browsers
In most cases, header redirects should be preferred in PHP where possible. They are faster, more seamless, and work reliably across more HTTP clients.
Specific Use Cases and Examples
Some specific examples where you may want to use header redirects:
1. Site Migration and Redesign
When relaunching or rebuilding a website, old content often moves to new URLs. Permanent 301 redirects during migrations help avoid losing SEO value while directing visitors properly:
if (str_contains($_SERVER[‘REQUEST_URI‘], "/oldpage.php")) {
redirect("/newpage.html", 301);
}This also informs search engine crawlers that content has permanently moved to updated locations.
According to Moz data, 301 redirect usage has increased 122% in recent years indicating they are critical for proper SEO migrations.
2. Implementing HTTPS/SSL
When transitioning sites to use HTTPS, header redirects should force insecure requests over to secure pages:
if (!isset($_SERVER[‘HTTPS‘]) || $_SERVER[‘HTTPS‘] != "on") {
redirect("https://" . $_SERVER[‘HTTP_HOST‘] . $_SERVER[‘REQUEST_URI‘], 301);
}This sends all HTTP requests to their HTTPS equivalent with a permanent status to have browsers update bookmarks.
Google actively promotes HTTPS usage so redirecting to enable SSL where possible is great for both security and SEO.
3. User Login and Authorization
After logging into web applications, users can be conveniently redirected to appropriate pages:
if (login($user)) {
redirect("/app/dashboard.php"); // 302 temporary
} else {
// Failed login
} Redirects are also useful for keeping unauthorized users out of private areas:
if (! $user->canAccess("/admin")) {
redirect("/login.php", 403); // 403 Forbidden
} This provides a cleaner user experience than dumping errors when authorization fails.
4. Maintenance Mode
Temp redirects allow gracefully handling site maintenance without ugly errors:
if (MAINTENANCE_MODE) {
redirect("/offline.html", 302);
} This keeps users aware of temporary issues. Once maintenance completes, the redirects can be removed without having updated all browser caches and search engine indexes.
There are endless possibilities for intelligently handling redirects during launches, migrations, authorization flows, and various other use cases.
Have Backup Plans If Header Fails
Despite recommendations, it‘s still possible for header redirects to fail unexpectedly. Make sure to have backup plans when relying on redirects for mission critical flows:
1. JavaScript Redirect Fallback
If headers already get sent,客户端 JS can redirect as a backup:
// Try server-side redirect first
header("Location: /login.php");
// If that failed...
echo "<script>window.location.replace(‘/login.php‘);</script>";This handles cases where unexpected output precedes the header() call.
2. Refresh Meta Tag Fallback
As a last resort, refresh meta tag redirects don‘t rely on headers:
<meta http-equiv="refresh" content="0;url=/login.php">Rendered directly in the page markup, meta redirects work even if other methods fail.
3. Custom Error Page
Finally, displaying a custom error encouraging visitors to click the new location provides a usable fallback option when all else fails:
echo "Redirect failed! Please click <a href=‘/login.php‘>here</a> to continue."; Having these progressive fallback procedures in place ensures a positive experience even if things don‘t go as planned.
Conclusion and Key Takeaways
Using PHP‘s header() for location redirects allows fast and seamless redirects directly on the server. There are many best practices worth following:
- Use 301 Permanent redirects when sites rebuild URLs or migrate content to new locations. This maintains SEO value.
- Use 302 Temporary redirects for things like maintenance mode so they can be easily reversed later on.
- Centralize redirect logic in reusable classes and functions for clean abstraction.
- Validate headers are not sent yet otherwise
header()calls fail silently. - Have fallback procedures like JavaScript redirects as a safety net when header redirects don‘t work properly in production.
Understanding exact use cases and statuses is key to the most effective redirect implementation.
Some key takeaways around header redirects in PHP:
- The
header()function allows setting a new HTTP Location to redirect browsers seamlessly. - Works purely server-side before any output is sent to the client.
- 301, 302 and 303 status codes indicate different types of redirects to browsers.
- Follow best practices around relative URLs, exceptions, validation, and fallbacks.
- Common uses include site migrations, HTTPS, authorization, maintenance, etc.
Now that you know how header location redirects work in PHP and guidelines for the best usage, you‘ll be prepared to implement them cleanly and safely within your applications.
