apache_request_headers() versus $_SERVER

Question

As far as I can tell, apache_request_headers() provides the same information as $_SERVER, but with slightly different keys. Why should someone ever use apache_request_headers() and not just get this information from $_SERVER? I am operating PHP 5.3.18 with Apache on Centos. Thank you

EDIT. identical data from $_SERVER and apache_request_headers()

Jun  2 08:50:53 localhost httpd: HTTP_HOST: www.badobe.com
Jun  2 08:50:53 localhost httpd: Host: www.badobe.com
Jun  2 08:50:53 localhost httpd: HTTP_USER_AGENT: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
Jun  2 08:50:53 localhost httpd: User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
Jun  2 08:50:53 localhost httpd: HTTP_ACCEPT: */*
Jun  2 08:50:53 localhost httpd: Accept: */*
Jun  2 08:50:53 localhost httpd: HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.5
Jun  2 08:50:53 localhost httpd: Accept-Language: en-US,en;q=0.5
Jun  2 08:50:53 localhost httpd: HTTP_ACCEPT_ENCODING: gzip, deflate
Jun  2 08:50:53 localhost httpd: Accept-Encoding: gzip, deflate
Jun  2 08:50:53 localhost httpd: HTTP_REFERER: http://www.badobe.com/demo/administrator/index.php?cid=3
Jun  2 08:50:53 localhost httpd: Referer: http://www.badobe.com/demo/administrator/index.php?cid=3
Jun  2 08:50:53 localhost httpd: HTTP_COOKIE: PHPSESSID=feg3ecd4rsefvd03mgg6qear21
Jun  2 08:50:53 localhost httpd: Cookie: PHPSESSID=feg3ecd4rsefvd03mgg6qear21
Jun  2 08:50:53 localhost httpd: HTTP_CONNECTION: keep-alive
Jun  2 08:50:53 localhost httpd: Connection: keep-alive
Jun  2 08:50:53 localhost httpd: HTTP_IF_MODIFIED_SINCE: Sun, 02 Jun 2013 15:48:42 GMT
Jun  2 08:50:53 localhost httpd: If-Modified-Since: Sun, 02 Jun 2013 15:48:42 GMT
Jun  2 08:50:53 localhost httpd: HTTP_CACHE_CONTROL: max-age=0
Jun  2 08:50:53 localhost httpd: Cache-Control: max-age=0

Answer 1

Because apache_request_headers() returns an associative array of all the HTTP headers in the current request, where as $_SERVER gives more than that

• header details
• path details
• script locations

Answer 2

i would guess the function only works with Apache. but that is just a wild guess

furthermore i would guess the function returns ALL headers, where I think $_SERVER contains a predefined set of headers

Answer 3

apache_request_headers is not (completely) portable, and $_SERVER is not entirely complete. Most specifically $_SERVER never contains any Authorization header, no matter if PHP could process its value internally or not.

Since 5.4.0 apache_request_headers was patched to also show all headers in CGI deployments.