Either
Not all web development environments provide easy access to the http headers - they hide them in limited apis.
The javascript version would have to work on a timer in such a case. In our case, its an annoyance when doing redirects after secure form posts to insecure pages.
"Whenever you find you are on the side of the majority, it is time to pause and reflect" --Mark Twain
"The significant problems we face cannot be solved at the same level of thinking we were at when we created them." --Albert Einstein
"This is still a dangerous world. It's a world of madmen and uncertainty and potential mental losses." --George W. Bush