function drupal_page_header

Sets HTTP headers in preparation for a page response.

Authenticated users are always given a 'no-cache' header, and will fetch a fresh page on every request. This prevents authenticated users from seeing locally cached pages.

Also give each page a unique ETag. This will force clients to include both an If-Modified-Since header and an If-None-Match header when doing conditional requests for the page (required by RFC 2616, section 13.3.4), making the validation more robust. This is a workaround for a bug in Mozilla Firefox that is triggered when Drupal's caching is enabled and the user accesses Drupal via an HTTP proxy (see https://bugzilla.mozilla.org/show_bug.cgi?id=269303): When an authenticated user requests a page, and then logs out and requests the same page again, Firefox may send a conditional request based on the page that was cached locally when the user was logged in. If this page did not have an ETag header, the request only contains an If-Modified-Since header. The date will be recent, because with authenticated users the Last-Modified header always refers to the time of the request. If the user accesses Drupal via a proxy server, and the proxy already has a cached copy of the anonymous page with an older Last-Modified date, the proxy may respond with 304 Not Modified, making the client think that the anonymous and authenticated pageviews are identical.

Deprecated

Header handling is being shifted to a Symfony response object.

See also

drupal_page_set_cache()

1 call to drupal_page_header()
install_display_output in drupal/core/includes/install.core.inc
Displays themed installer output and ends the page request.

File

drupal/core/includes/bootstrap.inc, line 1206
Functions that need to be loaded on every Drupal request.

Code

function drupal_page_header() {
  $headers_sent =& drupal_static(__FUNCTION__, FALSE);
  if ($headers_sent) {
    return TRUE;
  }
  $headers_sent = TRUE;
  $default_headers = array(
    'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT',
    'Last-Modified' => gmdate(DATE_RFC1123, REQUEST_TIME),
    'Cache-Control' => 'no-cache, must-revalidate, post-check=0, pre-check=0',
    'ETag' => '"' . REQUEST_TIME . '"',
  );
  drupal_send_headers($default_headers);
}