Which headers are most important to force a download and which headers get auto filled by the browsers
For e.g.
header('Content-Description: File Transfer');
header('Content-type: application/zip');
header('Content-Length: '.sprintf("%u", filesize($zip_out)));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Disposition: attachment; filename="'.basename($zip_out).'"');
I omit all the headers except line 1 and 2, download is working fine why/how ??
Content-Disposition: attachment tells your browser the content is an attachment. So the browser will start to download the content as a file.
According to RFC 6266:
If the disposition type matches "attachment" (case-insensitively), this indicates that the recipient should prompt the user to save the response locally, rather than process it normally (as per its media type).
Content-type: application/zip says your browser that the content is zipped, and usually makes the browser to download the content as a file, even if Content-Disposition: attachment is omitted, because that is the default behavior of the browser for zipped content.
I have never seen Content-Description header in any of HTTP-related specifications and I think it does not affect download at all.