Step 1 would be to remove all nonsense headers that are not defined in the HTTP standard.
This will eliminate Content-Description
and Content-Transfer-Encoding
. Both are useless at best, and might interfere with normal browser operations in the worst case.
Step 2 is to optimize the file delivery. Do not download the MP3 with a HTTP request, access the FILE on the server. Do not use a URL, do use a file path. If the MP3 is right next to your script, this will work:
readfile('./exact-file-name.mp3');
At this point you should usually end up with a working download. If not, try changing the Content-Type
to something more generic. audio/mpeg
might trigger the audio player in some browser, application/octet-stream
should work in most browsers but older Internet Explorer, which do inappropriate content sniffing on certain mime types including this one. application/x-ms-download
is supposed to work then.
Make sure the header is sent. PHP does not send HTTP headers if the HTTP body was already startet, and any whitespace including the UTF-8 BOM will trigger body output.
Some comments on your "final" headers in general:
Content-Length:
should only have an integer stating the length in bytes, nothing more. Especially no mention of any filename in square brackets.
Content-Transfer-Encoding
and Content-Description
are still useless.
Content-Location
is not needed. If you don't know what it does, omit it. Obfuscation will not work here, the browser needs to know the URL he is accessing. Duplicating this URL in this header does not change anything, obfuscating it will likely break things somewhere.
The two headers you really only need for a download are: Content-Type
and (if you want to pre-define a filename for the user) Content-Disposition
.