This is a guide on how to set custom request headers with PHP’s cuRL extension. Using cURL’s CURLOPT_HTTPHEADER option, we can change request headers such as Referer, Cookie, User-Agent and Accept-Encoding.
Take a look at the following cURL request:
//The URL you're sending the request to.
$url = 'http://localhost/test/file.php';
//Create a cURL handle.
$ch = curl_init($url);
//Create an array of custom headers.
$customHeaders = array(
'Accept-Encoding: gzip, deflate, br',
'Cookie: PHPSESSID=ciqas3vp82m514iubpr1b0md3o;',
'Referer: https://www.google.com/'
);
//Use the CURLOPT_HTTPHEADER option to use our
//custom headers.
curl_setopt($ch, CURLOPT_HTTPHEADER, $customHeaders);
//Set options to follow redirects and return output
//as a string.
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
//Execute the request.
$result = curl_exec($ch);
echo $result;
In the PHP code above, we are sending a GET request to a localhost URL. We also created a PHP array called $customHeaders, which will contain the custom headers that we want to send.
In this case, I set three custom headers using the CURLOPT_HTTPHEADER option:
- I set the Accept-Encoding header to gzip, deflate and br (Brotli).
- I provided a PHPSESSID value as the Cookie header.
- The HTTP referer header is set to the Google search engine. This is called referrer spoofing.
If you send the cURL request above to a PHP script that prints out the $_SERVER array, you should see something like the following:
In the screenshot above, you can see that my custom request headers have been received by the script:
- The contents of Accept-Encoding were parsed as HTTP_ACCEPT_ENCODING.
- Cookie was parsed as HTTP_COOKIE.
- Referer was parsed as HTTP_REFERER.
Pretty simple!