CodeClarityLab / Glossary
Ctrl K
← CodeClarityLab Home
Browse by Category
+ added · updated 7d
⚖ Terms of Use
← Back to glossary

Headers Already Sent Error

php PHP 5.0+ Beginner
debt(d3/e3/b3/t5)
d3 Detectability Operational debt — how invisible misuse is to your safety net

Closest to 'default linter catches the common case' (d3). The term's detection_hints list phpcs and php-cs-fixer as tools that can catch obvious cases like echo before header(). However, some causes (BOM characters, whitespace in included files) require more careful scanning, pushing slightly above d3 but not reaching specialist tool territory.

e3 Effort Remediation debt — work required to fix once spotted

Closest to 'simple parameterised fix' (e3). The quick_fix suggests adding ob_start() at bootstrap and auditing included files for whitespace/BOM. This is more than a one-line patch but remains a localized fix pattern—adding output buffering and cleaning up file headers doesn't require cross-cutting refactors.

b3 Burden Structural debt — long-term weight of choosing wrong

Closest to 'localised tax' (b3). This applies only to web contexts per applies_to, not CLI or queue workers. Once ob_start() is in place or files are cleaned, the issue doesn't impose ongoing maintenance burden. It's not a load-bearing architectural choice but a one-time cleanup with a simple preventive measure.

t5 Trap Cognitive debt — how counter-intuitive correct behaviour is

Closest to 'notable trap' (t5). The misconception field explicitly states developers wrongly believe 'only echo and print cause this' when whitespace outside PHP tags, BOM characters, and var_dump() also trigger it. This is a documented gotcha that most PHP developers eventually learn through painful debugging, but it contradicts the intuitive expectation that only explicit output matters.

About DEBT scoring → scored by claude-opus-4-5-20251101 · 2026-05-11 · reviewed by human

Also Known As

headers already sent cannot modify header information

TL;DR

PHP sends HTTP headers on first output — any echo, whitespace, or BOM before header() causes 'Cannot modify header information — headers already sent'.

Explanation

HTTP headers must be sent before any response body. The moment PHP outputs any character — a space before the opening PHP tag, a BOM in a UTF-8 file, or an echo statement — headers are flushed and cannot be modified. Common culprits: whitespace before the opening PHP tag, echo or print before a redirect, BOM in included files. Output buffering (ob_start()) delays output so headers can still be set.

Common Misconception

Only echo and print cause this — any whitespace outside PHP tags, BOM characters in files, or var_dump() before headers also triggers it.

Why It Matters

Redirects, cookies, and session_start() all require headers to be unsent — this error breaks authentication flows and redirects silently in production when display_errors is Off.

Common Mistakes

  • Whitespace or BOM before the opening PHP tag in included files
  • echo or var_dump() debugging statements left before session_start()
  • Not using ob_start() as a safety net in legacy applications

Code Examples

✗ Vulnerable 
<?php
echo 'Hello'; // Output sent
header('Location: /login'); // Warning: Cannot modify header information — headers already sent
✓ Fixed 
<?php
// No output before headers:
if (!$authenticated) {
    header('Location: /login');
    exit;
}
echo 'Hello authenticated user';
Added 22 Mar 2026
Edited 23 Mar 2026
Views 16

Curated in Warsaw under one editorial standard. 1,448 terms, single voice.  About this reference →

Rate this term
No ratings yet
🤖 AI Guestbook educational data only
| |
Last 30 days
0 pings T 0 pings F 0 pings S 1 ping S 0 pings M 0 pings T 1 ping W 0 pings T 1 ping F 0 pings S 0 pings S 0 pings M 0 pings T 0 pings W 1 ping T 0 pings F 1 ping S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F 1 ping S 0 pings S 0 pings M 0 pings T 0 pings W 0 pings T 0 pings F
Agents 0
No pings yet today
No pings yesterday
Amazonbot 6 Google 3 Perplexity 2 Unknown AI 2 Ahrefs 1
Also referenced
HTTP Request-Response Cycle 40 PHP Session 25 Output Buffering (ob_start / ob_flush) 14
How they use it
crawler 12 crawler_json 2
Related categories
php 7.3k networking 570
DEV INTEL Tools & Severity
🟡 Medium ⚙ Fix effort: Low
⚡ Quick Fix
Add ob_start() at the very top of your bootstrap file and audit all included files for whitespace before the PHP opening tag or BOM markers
📦 Applies To
PHP 5.0+ web
🔗 Prerequisites
🔍 Detection Hints
header() or setcookie() after any echo print var_dump; whitespace before opening PHP tag in files; BOM in UTF-8 PHP files
Auto-detectable: ✓ Yes phpcs php-cs-fixer
⚠ Related Problems
🤖 AI Agent
Confidence: High False Positives: Low ✓ Auto-fixable Fix: Low Context: File
✓ schema.org compliant