$url, CURLOPT_RETURNTRANSFER => true, CURLOPT_FOLLOWLOCATION => false, CURLOPT_USERAGENT => $user_agent, CURLOPT_REFERER => $referrer, CURLOPT_HTTPHEADER => $headers, ]); // Execute request $content = curl_exec($ch); // Get the host and content type of the URL we were redirected to $url_new = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL); $content_type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE); // Check for error if ($content === false) { // Return valid JavaScript error instead of throwing exception header("Content-Type: application/javascript"); echo "console.error('CURL error: " . addslashes(curl_error($ch)) . "');"; curl_close($ch); exit; } // Close CURL curl_close($ch); // Check URL host... if (parse_url($url_new, PHP_URL_HOST) === $domain) { // If internal if (!is_null($content_type)) { // For JavaScript requests, always set JavaScript content type if (strpos($u, '/js/') !== false || isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'text/javascript') !== false) { header("Content-Type: application/javascript"); } else { header("Content-Type: $content_type"); } } else { // Default to JavaScript for script requests if (strpos($u, '/js/') !== false) { header("Content-Type: application/javascript"); } } // Set X-Robots-Tag header (so search engines don't index this page) header("X-Robots-Tag: none"); // Output contents echo $content; } else { // If external and this is a JavaScript request, return JavaScript redirect if (strpos($u, '/js/') !== false || isset($_SERVER['HTTP_ACCEPT']) && strpos($_SERVER['HTTP_ACCEPT'], 'text/javascript') !== false) { header("Content-Type: application/javascript"); echo "window.location.href = '" . addslashes($url_new) . "';"; } else { // Otherwise do normal redirect header("Location: $url_new"); } }