|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #27345 Status header with PHP CGI
Submitted: 2004-02-22 05:10 UTC Modified: 2004-04-08 11:10 UTC
From: php_bugs at ecora dot de Assigned:
Status: Not a bug Package: CGI/CLI related
PHP Version: Irrelevant OS:
Private report: No CVE-ID:
 [2004-02-22 05:10 UTC] php_bugs at ecora dot de

header("HTTP/1.0 404 Not Found");
Note: In PHP 3, this only works when PHP is compiled as an Apache module. You can achieve the same effect using the Status header. 
header("Status: 404 Not Found");

IMHO this is not correct. Because the HTTP-status-header (also Content-Type- and Location-Header) is always a server parsed header, when PHP (PHP3, PHP4, PHP5 or also Perl or Python, ...) runs via CGI. 

The official CGI Specification (see

That means not only in PHP3 also in PHP4 or PHP5: When PHP runs via CGI, then you have to write:
header("Status: 404 Not Found"); instead of header("HTTP/1.0 404 Not Found");

Reproduce code:
When i try to send a header("HTTP/1.0 404 Not Found"); on my installation (Apache 1.3.29 + PHP 4.2.3 CGI on Linux) then i receive a 500 internal server error


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2004-02-22 05:49 UTC]
I couldn't reproduce this in PHP 5.

header("HTTP/1.0 404 Not Found"); print "Status: 404"


header("Status: 404 Not Found"); prints "Status: 404 Not Found"

Can anybody check this in PHP 4?
 [2004-02-22 06:09 UTC]
This is a bug, but not a documentation one.
Both PHP4 and PHP5 just send
"HTTP/1.1 404\r\n"...
when doing header('HTTP/1.0 404 Not found');
which isn't conforming to RFC 2616 (There has to be at least one space after 404). That may cause Webservers to error out. This is definitively a bug. 
I don't think the "reason-phrase" should be discarded at all.
 [2004-02-22 06:11 UTC]
Well, to be correct, PHP just sends "Status: 404\r\n".
 [2004-02-22 09:32 UTC] php_bugs at ecora dot de
I don't know. Maybe there is also a PHP Bug, but IMHO there is at least a documentation bug. When you send a HTTP-Status-Header via the common gateway interface to the http-server, then you have to write:

Status: ddd string

instead of

HTTP/1.1 ddd string

Please take a look at the CGI-Specification :

The output of scripts begins with a small header. This header consists of text lines, in the same format as an HTTP header, terminated by a blank line (a line with only a linefeed or CR/LF). 
This is used to give the server an HTTP/1.0 status line to send to the client. The format is nnn xxxxx, where nnn is the 3-digit status code, and xxxxx is the reason string, such as "Forbidden".
 [2004-02-22 15:41 UTC]
Nope, that's simply not true.
It doesn't matter what you pass to header().
What matters is the output created by PHP, and if you use header("HTTP/1.0 404 Foo Bar"); PHP parses that and turns it into a Status: line if you use CGI.
 [2004-02-22 17:35 UTC]
See cgi.rfc2616_headers php.ini directive.
 [2004-02-22 19:19 UTC]
There's no reason for the CGI sapi cutting of the reason-phrase when creating the Status: line, is there?
The Status: header that it's outputting is invalid.
 [2004-02-23 02:50 UTC] php_bugs at ecora dot de
> PHP parses that and turns it into a Status: line if you use CGI.

Ok, my mistake. I don't know, that PHP will parse the headers when running via CGI. And because of the 500 Internal server error (see the first posting) i believed that there is a documentation bug.

OK, there is no documentation bug, there is a small PHP bug.

Thank you for your great and very fast support!
 [2004-04-08 11:10 UTC]
Something like this was fixed in 4.3.5, AFAICT..and we don't have such PHP version as "Irrelevant"..

PHP Copyright © 2001-2015 The PHP Group
All rights reserved.
Last updated: Sat Nov 28 04:01:34 2015 UTC