Is header Content-Type text plain necessary at all

Question

I didn t see any difference with or without this head information yet

User · Answer

Setting the Content-Type header will affect how a web browser treats your content. When most mainstream web browsers encounter a Content-Type of text/plain, they'll render the raw text source in the browser window (as opposed to the source rendered at HTML). It's the difference between seeing

<b>foo</b>

or

foo

Additionally, when using the XMLHttpRequest object, your Content-Type header will affect how the browser serializes the returned results. Prior to the takeover of AJAX frameworks like jQuery and Prototype, a common problem with AJAX responses was a Content-Type set to text/html instead of text/xml. Similar problems would likely occur if the Content-Type was text/plain.

User · Answer

Define  necessary     It is necessary if you want the browser to know what the type of the file is  PHP automatically sets the Content-Type header to text html if you don t override it so your browser is treating it as an HTML file that doesn t contain any HTML  If your output contained any HTML you d see very different outcomes  If you were to send    lt b gt  lt i gt test lt  i gt  lt  b gt    a Content-Type  text html would output    test  whereas Content-Type  text plain would output    lt b gt  lt i gt test lt  i gt  lt  b gt    TLDR Version  If you really are only outputing text then it doesn t really matter  but it IS wrong

User · Answer

no its not like that here is Example for the support of my answer ---- the clear difference is visible  when you go for HTTP Compression which allows you to compress the data while travelling from Server to Client and the Type of this data automatically becomes as  gzip  which Tells browser that bowser  got a zipped data and it has to upzip it this is a example where Type really matters at Bowser

User · Answer

Say you want to answer a request with a 204  No Content HTTP status  Firefox will complain with  no element found  in the console of the browser  This is a bug in Firefox that has been reported  but never fixed  for several years  By sending a  Content-type  text plain  header  you can prevent this error in Firefox

User · Answer

PHP uses Content-Type  text html  as default - which is pretty similar to  text plain  - and this explains why you don t see any differences  text plain is necessary if you want to output text as is  including  lt  -symbols   Examples   header  Content-Type  text plain    echo   lt b gt hello world lt  b gt       Output   lt b gt hello world lt  b gt   header  Content-Type  text html    echo   lt b gt hello world lt  b gt       Output  hello world

User · Answer

It is very important that you tell the browser what type of data you are sending it  The difference should be obvious  Try viewing the output of the following PHP file in your browser    lt  php header  Content-Type text html      gt   lt p gt Hello lt  p gt    You will see      hello    note that you will get the same results if you miss off the header line in this case - text html is php s default   Change it to text plain   lt  php header  Content-Type text plain      gt   lt p gt Hello lt  p gt    You will see       lt p Hello lt  p    Why does this matter  If you have something like the following in a php script that  for example  is used by an ajax request    lt  php header  Content-Type text html    print  Your name is       GET  name     Someone can put a link to a URL like http   example com test php name  3Cscript 20src  22http   example com eviljs 22 3E 3C script 3E on their site  and if a user clicks it  they have exposed all their information on your site to whoever put up the link  If you serve the file as text plain  you are safe   Note that this is a silly example  it s more likely that the bad script tag would be added by the attacker to a field in the database or by using a form submission

[php] Is header('Content-Type:text/plain'); necessary at all?

Examples related to php

Examples related to http-headers

Examples related to content-type

Examples related to head

Examples related to response-headers