ConFoo 2025

apache_request_headers

(PHP 4 >= 4.3.0, PHP 5, PHP 7, PHP 8)

apache_request_headersFetch all HTTP request headers

Description

apache_request_headers(): array

Fetches all HTTP request headers from the current request. Works in the Apache, FastCGI, CLI, and FPM webservers.

Parameters

This function has no parameters.

Return Values

An associative array of all the HTTP headers in the current request.

Changelog

Version Description
7.3.0 This function became available in the FPM SAPI.

Examples

Example #1 apache_request_headers() example

<?php
$headers
= apache_request_headers();

foreach (
$headers as $header => $value) {
echo
"$header: $value <br />\n";
}
?>

The above example will output something similar to:

Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0
Host: www.example.com
Connection: Keep-Alive

Notes

Note:

You can also get at the value of the common CGI variables by reading them from the environment, which works whether or not you are using PHP as an Apache module. Use phpinfo() to see a list of all of the available environment variables.

See Also

add a note

User Contributed Notes 5 notes

up
12
Tel
5 years ago
Although we expect to see headers in mixed case, the standard RFC2616 demands that "field names are case-insensitive". PHP delivers the headers exactly untouched in whatever way the client sent them. Potentially you should expect to get any type of uppercase or lowercase or mixed.

Thus, if you want to be standards compliant, you must loop through every key and check it in a case-insensitive manner, instead of doing the obvious thing and using the name of the header as an array index.
up
10
limalopex.eisfux.de
18 years ago
I didn't found a replacement for apache_request_headers() in PHP::Compat (http://pear.php.net/package/PHP_Compat) so I wrote my own:

<?php
if( !function_exists('apache_request_headers') ) {
///
function apache_request_headers() {
$arh = array();
$rx_http = '/\AHTTP_/';
foreach(
$_SERVER as $key => $val) {
if(
preg_match($rx_http, $key) ) {
$arh_key = preg_replace($rx_http, '', $key);
$rx_matches = array();
// do some nasty string manipulations to restore the original letter case
// this should work in most cases
$rx_matches = explode('_', $arh_key);
if(
count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
foreach(
$rx_matches as $ak_key => $ak_val) $rx_matches[$ak_key] = ucfirst($ak_val);
$arh_key = implode('-', $rx_matches);
}
$arh[$arh_key] = $val;
}
}
return(
$arh );
}
///
}
///
?>
up
8
callum85 at notspam dot msn dot com
17 years ago
There is a simple way to get request headers from Apache even on PHP running as a CGI. As far as I know, it's the only way to get the headers "If-Modified-Since" and "If-None-Match" when apache_request_headers() isn't available. You need mod_rewrite, which most web hosts seem to have enabled. Put this in an .htacess file in your web root:

RewriteEngine on
RewriteRule .* - [E=HTTP_IF_MODIFIED_SINCE:%{HTTP:If-Modified-Since}]
RewriteRule .* - [E=HTTP_IF_NONE_MATCH:%{HTTP:If-None-Match}]

The headers are then available in PHP as
<?php
$_SERVER
['HTTP_IF_MODIFIED_SINCE'];
$_SERVER['HTTP_IF_NONE_MATCH'];
?>

I've tested this on PHP/5.1.6, on both Apache/2.2.3/Win32 and Apache/2.0.54/Unix, and it works perfectly.

Note: if you use RewriteRules already for clean URLs, you need to put the above rules AFTER your existing ones.
up
5
egocentryk
9 years ago
Superglobal $_SERVER, used in all patches for missing getallheaders() contains only truly basic headers. To pass ANY header into PHP in any httpd environment, including CGI/FCGI just add rule (any number of rules) into .htaccess:

RewriteRule .* - [E=HTTP_MY_HEADER:%{HTTP:My-Header}]

and the header with it's value will appear for PHP as
<?php print $_SERVER['HTTP_MY_HEADER']; ?>

And... just couldn't hold off. Rewrtiting $_SERVER keys for replacing missing function really does not require RegExps, preg_matches or evals... Try this:
<?php
function getallheaders() {
foreach(
$_SERVER as $K=>$V){$a=explode('_' ,$K);
if(
array_shift($a)=='HTTP'){
array_walk($a,function(&$v){$v=ucfirst(strtolower($v));});
$retval[join('-',$a)]=$V;}
} return
$retval; }
?>
up
1
gilles at sdv dot fr
1 year ago
The function apache_request_headers, doesn't exist in FCGI PHP-FPM

Use this patch : https://gist.github.com/rmpel/11583cfddfcc9705578428e3a2ee3dc1

<?php
// Drop-in replacement for apache_request_headers() when it's not available

if ( ! function_exists( 'apache_request_headers' ) ) {
function
apache_request_headers() {
static
$arrHttpHeaders;
if ( !
$arrHttpHeaders ) {

// Based on: http://www.iana.org/assignments/message-headers/message-headers.xml#perm-headers
$arrCasedHeaders = array(
// HTTP
'Dasl' => 'DASL',
'Dav' => 'DAV',
'Etag' => 'ETag',
'Mime-Version' => 'MIME-Version',
'Slug' => 'SLUG',
'Te' => 'TE',
'Www-Authenticate' => 'WWW-Authenticate',
// MIME
'Content-Md5' => 'Content-MD5',
'Content-Id' => 'Content-ID',
'Content-Features' => 'Content-features',
);
$arrHttpHeaders = array();

foreach (
$_SERVER as $strKey => $mixValue ) {
if (
'HTTP_' !== substr( $strKey, 0, 5 ) ) {
continue;
}

$strHeaderKey = strtolower( substr( $strKey, 5 ) );

if (
0 < substr_count( $strHeaderKey, '_' ) ) {
$arrHeaderKey = explode( '_', $strHeaderKey );
$arrHeaderKey = array_map( 'ucfirst', $arrHeaderKey );
$strHeaderKey = implode( '-', $arrHeaderKey );
} else {
$strHeaderKey = ucfirst( $strHeaderKey );
}

if (
array_key_exists( $strHeaderKey, $arrCasedHeaders ) ) {
$strHeaderKey = $arrCasedHeaders[ $strHeaderKey ];
}

$arrHttpHeaders[ $strHeaderKey ] = $mixValue;
}

/** in case you need authorization and your hosting provider has not fixed this for you:
* VHOST-Config:
* FastCgiExternalServer line needs -pass-header Authorization
*
* .htaccess or VHOST-config file needs:
* SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
* to add the Authorization header to the environment for further processing
*/
if ( ! empty( $arrHttpHeaders['Authorization'] ) ) {
// in case of Authorization, but the values not propagated properly, do so :)
if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
list(
$_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) = explode( ':', base64_decode( substr( $_SERVER['HTTP_AUTHORIZATION'], 6 ) ) );
}
}
}

return
$arrHttpHeaders;
}

// execute now so other scripts have little chance to taint the information in $_SERVER
// the data is cached, so multiple retrievals of the headers will not cause further impact on performance.
apache_request_headers();
}
To Top