HTTP Redirect Codes (3xx) and the Location Field

Over the last few days, some people, including me, have opened tickets in WordPress Trac touching the HTTP transport layer, and redirection specifically.

As with my previous HTTP-related review of WordPress, this is getting more and more interesting and detailed as well.

Especially two recent tickets (#16855, #16888) made me review the use of the Location header field in combination with redirect status codes in RFC 2616 – Hypertext Transfer Protocol — HTTP/1.1.

Review

Looking at the HTTP status code specifications in the redirection class, the following table tries to give an overview:

| Code | Server | User-Agent |
|------|--------|------------|
| 300 Multiple Choices | SHOULD include | MAY use for automatic redirection |
| 301 Moved Permanently | SHOULD be given | MUST NOT automatically redirect |
| 302 Found | SHOULD be given | MUST NOT automatically redirect |
| 303 See Other | SHOULD be given | SHOULD retrieve by GET |
| 304 Not Modified | n/a | n/a |
| 305 Use Proxy | MUST | MUST |
| 306 (Unused) (was: Switch Proxy) | | |
| 307 Temporary Redirect | SHOULD be given | MUST NOT automatically redirect |

Looking at the Location field specification, the related information is broader:

For 3xx responses, the location SHOULD indicate the server’s preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.

The Location field is used for other status codes as well (e.g. 201); I was not able to compile a full list so far.

Summary

The Location field plays an important role in the HTTP 3xx redirect status-code class. Its usage varies a bit between the different codes, but generally it was designed for automatic redirection.

Automatic redirection is not always considered safe these days, so take care – user-agents may not perform them anyway according to the specs.

An interesting bit of information is that servers and applications should not expect clients to handle more than 5 redirects in a row, for compatibility reasons. There is more in Redirection 3xx, so it is probably worth a second write-up of HTTP redirects for web developers in general, with a comparison between HTTP/1.0 and HTTP/1.1 as well.
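As an added example (not code from WordPress or from this post), the following Python applies the table and the five-redirect limit as a client-side redirect policy. It assumes a caller-supplied `fetch(method, url)` function, uses constructed sample responses on the placeholder host `example.test`, and reads the "MUST NOT automatically redirect" entries as RFC 2616 words them, for requests other than GET or HEAD.

```python
from urllib.parse import urlsplit

MAX_REDIRECTS = 5                       # compatibility limit mentioned in the summary
FOLLOWABLE = {300, 301, 302, 303, 307}  # 304, 305 and 306 are never followed
SAFE_METHODS = {"GET", "HEAD"}

class RedirectError(Exception):
    """Raised when a redirect chain loops or exceeds MAX_REDIRECTS."""

def next_request(status, method, location):
    """Return the (method, url) to request next, or None to stop here."""
    if status not in FOLLOWABLE or not location:
        return None
    parts = urlsplit(location)
    # The field value is a single absolute URI; refuse anything that is not http(s).
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    if status == 303:
        return ("GET", location)        # 303: SHOULD retrieve by GET
    if method in SAFE_METHODS:
        return (method, location)       # 300 is treated like the others (MAY)
    return None                         # e.g. POST + 301/302/307: needs user confirmation

def follow(fetch, method, url):
    """fetch(method, url) -> (status, headers). Returns (status, method, url, hops)."""
    visited, hops = {(method, url)}, 0
    while True:
        status, headers = fetch(method, url)
        step = next_request(status, method, headers.get("Location"))
        if step is None:
            return status, method, url, hops
        if step in visited:
            raise RedirectError("redirect loop at " + step[1])
        if hops == MAX_REDIRECTS:
            raise RedirectError("more than %d redirects" % MAX_REDIRECTS)
        visited.add(step)
        method, url = step
        hops += 1

# Constructed sample responses; example.test is a placeholder host.
SAMPLE = {
    ("POST", "http://example.test/form"): (303, {"Location": "http://example.test/done"}),
    ("GET", "http://example.test/done"): (301, {"Location": "https://example.test/done"}),
    ("GET", "https://example.test/done"): (200, {}),
    ("POST", "http://example.test/old"): (302, {"Location": "http://example.test/new"}),
}

def sample_fetch(method, url):
    return SAMPLE[(method, url)]
```

When `follow` returns a 3xx status, the redirect was not taken automatically and the decision is left to the caller.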


1 Response to HTTP Redirect Codes (3xx) and the Location Field

  1. edelwater says:

    Nice info, thanks!

    2 things I noticed while playing with this in WP, maybe interesting for someone writing the same kinda thing and finding this post:

    1. While it was advised to get the HEAD first and then GET if not a redirect (or 5x etc), I noticed sites that give 405 method not allowed (no head) and sites that give a 200 in the HEAD and 3xx when doing a GET, etc. etc. So I decided to no longer do HEAD first and always just GET. Saves a lot of requests.

    2. Some sites use the redirection HTML tag / JavaScript redirection in the head or body instead of the 3x redirect status, I almost forgot about that. So if you are building something that really has to follow redirects apart from the WP HTTP API work you need to parse the initial HTML piece also and presumably dom xpath that one also for that tag(s), take the first one found, then redirect to somewhere else… which may be anywhere. And depending on the WP plugin at the same time parse the canonical link(s).
