Is header Content-Type text plain necessary at all

Question

I didn t see any difference with or without this head information yet

User · Answer

It is very important that you tell the browser what type of data you are sending it. The difference should be obvious. Try viewing the output of the following PHP file in your browser;

<?php
header('Content-Type:text/html');
?>
<p>Hello</p>

You will see:

hello

(note that you will get the same results if you miss off the header line in this case - text/html is php's default)

Change it to text/plain

<?php
header('Content-Type:text/plain');
?>
<p>Hello</p>

You will see:

<p>Hello</p>

Why does this matter? If you have something like the following in a php script that, for example, is used by an ajax request:

<?php
header('Content-Type:text/html');
print "Your name is " . $_GET['name']

Someone can put a link to a URL like http://example.com/test.php?name=%3Cscript%20src=%22http://example.com/eviljs%22%3E%3C/script%3E on their site, and if a user clicks it, they have exposed all their information on your site to whoever put up the link. If you serve the file as text/plain, you are safe.

Note that this is a silly example, it's more likely that the bad script tag would be added by the attacker to a field in the database or by using a form submission.

User · Answer

Setting the Content-Type header will affect how a web browser treats your content   When most mainstream web browsers encounter a Content-Type of text plain  they ll render the raw text source in the browser window  as opposed to the source rendered at HTML    It s the difference between seeing   lt b gt foo lt  b gt    or     foo   Additionally  when using the XMLHttpRequest object  your Content-Type header will affect how the browser serializes the returned results   Prior to the takeover of AJAX frameworks like jQuery and Prototype  a common problem with AJAX responses was a Content-Type set to text html instead of text xml   Similar problems would likely occur if the Content-Type was text plain

User · Answer

no its not like that here is Example for the support of my answer ---- the clear difference is visible  when you go for HTTP Compression which allows you to compress the data while travelling from Server to Client and the Type of this data automatically becomes as  gzip  which Tells browser that bowser  got a zipped data and it has to upzip it this is a example where Type really matters at Bowser

User · Answer

PHP uses Content-Type  text html  as default - which is pretty similar to  text plain  - and this explains why you don t see any differences  text plain is necessary if you want to output text as is  including  lt  -symbols   Examples   header  Content-Type  text plain    echo   lt b gt hello world lt  b gt       Output   lt b gt hello world lt  b gt   header  Content-Type  text html    echo   lt b gt hello world lt  b gt       Output  hello world

User · Answer

Define  necessary     It is necessary if you want the browser to know what the type of the file is  PHP automatically sets the Content-Type header to text html if you don t override it so your browser is treating it as an HTML file that doesn t contain any HTML  If your output contained any HTML you d see very different outcomes  If you were to send    lt b gt  lt i gt test lt  i gt  lt  b gt    a Content-Type  text html would output    test  whereas Content-Type  text plain would output    lt b gt  lt i gt test lt  i gt  lt  b gt    TLDR Version  If you really are only outputing text then it doesn t really matter  but it IS wrong

User · Answer

Say you want to answer a request with a 204  No Content HTTP status  Firefox will complain with  no element found  in the console of the browser  This is a bug in Firefox that has been reported  but never fixed  for several years  By sending a  Content-type  text plain  header  you can prevent this error in Firefox

[php] Is header('Content-Type:text/plain'); necessary at all?

Examples related to php

Examples related to http-headers

Examples related to content-type

Examples related to head

Examples related to response-headers