drupal_page_header
function drupal_page_header
drupal_page_header()
Sets HTTP headers in preparation for a page response.
Authenticated users are always given a 'no-cache' header, and will fetch a fresh page on every request. This prevents authenticated users from seeing locally cached pages.
ETag and Last-Modified headers are not set per default for authenticated users so that browsers do not send If-Modified-Since headers from authenticated user pages. drupal_serve_page_from_cache() will set appropriate ETag and Last-Modified headers for cached pages.
See also
File
- includes/bootstrap.inc, line 1494
- Functions that need to be loaded on every Drupal request.
Code
function drupal_page_header() { $headers_sent = &drupal_static(__FUNCTION__, FALSE); if ($headers_sent) { return TRUE; } $headers_sent = TRUE; $default_headers = array( 'Expires' => 'Sun, 19 Nov 1978 05:00:00 GMT', 'Cache-Control' => 'no-cache, must-revalidate', // Prevent browsers from sniffing a response and picking a MIME type // different from the declared content-type, since that can lead to // XSS and other vulnerabilities. 'X-Content-Type-Options' => 'nosniff', ); drupal_send_headers($default_headers); }
© 2001–2016 by the original authors
Licensed under the GNU General Public License, version 2 and later.
Drupal is a registered trademark of Dries Buytaert.
https://api.drupal.org/api/drupal/includes!bootstrap.inc/function/drupal_page_header/7.x