Virtually any browser existing today does support Location
; However, you should be careful about which status code you send along with it (3rd parameter to header
). See rfc2616 sec10 for more information about which code to choose; 303 seems more correct but 302 is better supported.
How reliable exit()
is, really depends on how reliable your server is. If your PHP code is executed, exit()
will always abort execution and send the result to the browser. However, a wrongly configured webserver may directly expose your PHP code instead of executing it. This comment explains how you can mitigate this problem.
As for following the specs, rfc2616 sec10 says:
Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).
You can implement this by not using exit()
but using die('<a href="foo.php">You are redirected.</a>')
instead.