We Keep Coding

What's the net::ERR_HTTP2_PROTOCOL_ERROR about?

I'm currently working on a website, which triggers a net::ERR_HTTP2_PROTOCOL_ERROR 200 error on Google Chrome. I'm not sure exactly what can provoke this error, I just noticed it pops out only when accessing the website in HTTPS. I can't be 100% sure it is related, but it looks like it prevents JavaScript to be executed properly.
For instance, the following scenario happens :
I'm accessing the website in HTTPS
My Twitter feed integrated via https://publish.twitter.com isn't loaded at all
I can notice in the console the ERR_HTTP2_PROTOCOL_ERROR
If I remove the code to load the Twitter feed, the error remains
If I access the website in HTTP, the Twitter feed appears and the error disappears
Google Chrome is the only web browser triggering the error: it works well on both Edge and Firefox.
(NB: I tried with Safari, and I have a similar kcferrordomaincfnetwork 303 error)
I was wondering if it could be related to the header returned by the server since there is this '200' mention in the error, and a 404 / 500 page isn't triggering anything.
Thing is the error isn't documented at all. Google search gives me very few results. Moreover, I noticed it appears on very recent Google Chrome releases; the error doesn't pop on v.64.X, but it does on v.75+ (regardless of the OS; I'm working on Mac tho).
Might be related to Website OK on Firefox but not on Safari (kCFErrorDomainCFNetwork error 303) neither Chrome (net::ERR_SPDY_PROTOCOL_ERROR)
Findings from further investigations are the following:
error doesn't pop on the exact same page if server returns 404 instead of 2XX
error doesn't pop on local with a HTTPS certificate
error pops on a different server (both are OVH's), which uses a different certificate
error pops no matter what PHP version is used, from 5.6 to 7.3 (framework used : Cakephp 2.10)
As requested, below is the returned header for the failing ressource, which is the whole web page. Even if the error is triggering on each page having a HTTP header 200, those pages are always loading on client's browser, but sometimes an element is missing (in my exemple, the external Twitter feed). Every other asset on the Network tab has a success return, except the whole document itself.
Google Chrome header (with error):
Firefox header (without error):
A curl --head --http2 request in console returns the following success:
HTTP/2 200
date: Fri, 04 Oct 2019 08:04:51 GMT
content-type: text/html; charset=UTF-8
content-length: 127089
set-cookie: SERVERID31396=2341116; path=/; max-age=900
server: Apache
x-powered-by: PHP/7.2
set-cookie: xxxxx=0919c5563fc87d601ab99e2f85d4217d; expires=Fri, 04-Oct-2019 12:04:51 GMT; Max-Age=14400; path=/; secure; HttpOnly
vary: Accept-Encoding
Trying to go deeper with the chrome://net-export/ and https://netlog-viewer.appspot.com tools is telling me the request ends with a RST_STREAM :
t=123354 [st=5170] HTTP2_SESSION_RECV_RST_STREAM
--> error_code = "2 (INTERNAL_ERROR)"
--> stream_id = 1
For what I read in this other post, "In HTTP/2, if the client wants to abort the request, it sends a RST_STREAM. When the server receives a RST_STREAM, it will stop sending DATA frames to the client, thereby stopping the response (or the download). The connection is still usable for other requests, and requests/responses that were concurrent with the one that has been aborted may continue to progress.
[...]
It is possible that by the time the RST_STREAM travels from the client to the server, the whole content of the request is in transit and will arrive to the client, which will discard it. However, for large response contents, sending a RST_STREAM may have a good chance to arrive to the server before the whole response content is sent, and therefore will save bandwidth."
The described behavior is the same as the one I can observe. But that would mean the browser is the culprit, and then I wouldn't understand why it happens on two identical pages with one having a 200 header and the other a 404 (same goes if I disable JS).

In my case it was - no disk space left on the web server.

For several weeks I was also annoyed by this "bug":
net :: ERR_HTTP2_PROTOCOL_ERROR 200
In my case, it occurred on images generated by PHP.
It was at header() level, and on this one in particular:
header ('Content-Length:'. Filesize($cache_file));
It did obviously not return the exact size, so I deleted it and everything works fine now.
So Chrome checks the accuracy of the data transmitted via the headers, and if it does not correspond, it fails.
EDIT
I found why content-length via filesize was being miscalculated: the GZIP compression is active on the PHP files, so excluding the file in question will fix the problem. Put this code in the .htaccess:
SetEnvIfNoCase Request_URI ^ / thumb.php no-gzip -vary
It works and we keep the header Content-length.

I am finally able to solve this error after researching some things I thought is causing the error for 24 errors. I visited all the pages across the web. And I am happy to say that I have found the solution.
If you are using NGINX, then set gzip to off and add proxy_max_temp_file_size 0; in the server block like I have shown below.
server {
...
...
gzip off;
proxy_max_temp_file_size 0;
location / {
proxy_pass http://127.0.0.1:3000/;
....
Why? Because what actually happening was all the contents were being compressed twice and we don't want that, right?!

The fix for me was setting minBytesPerSecond in IIS to 0. This setting can be found in system.applicationHost/webLimits in IIS's Configuration Editor. By default it's set to 240.
It turns out that some webservers will cut the connection to a client if the server's data throughput to the client passes below a certain limit. This is to protect against "slow drip" denial of service attacks. However, this limit can also be triggered in cases where an innocent user requests many resources all at once (such as lots of images on a single page), and the server is forced to ration the bandwidth for each request so much that it causes one or more requests to drop below the throughput limit, which causes the server to cut the connection and shows up as net::ERR_HTTP2_PROTOCOL_ERROR in Chrome.
For example, let's say you request 10 GIF images all at once, and each GIF is 10 megabytes (100MB total). If your download speed from the server is 1MB per second, the server will have to divide that 1MBps amongst the 10 images somehow. Now, here is where it gets interesting, as how the bandwidth gets divided seems to be random:
The server may evenly divide the bandwidth by 10, resulting in 0.1MBps allocated to each image. None of the download speeds fall below the default IIS minBytesPerSecond limit of 240 bytes, so all the GIFs download successfully.
The server may serve the first 5 at 0.2MBps, and put the last 5 "on hold" at 0MBps, to be downloaded after the first 5. However, since 0MBps is below the default IIS minBytesPerSecond limit of 240 bytes, the server cuts the connection to the remaining downloads.
How IIS decides to divide the bandwidth across multiple connections is still unknown to me; it appears to be random from the testing I've done. If you have any insight, please comment below. Note: the web browser may actually be throttling the bandwidth too, so don't rule out the browser.
I was able to stop the connections from being cut by following these steps:
I used Chrome's Network Log Export tool at chrome://net-export/ to see exactly what was behind the ERR_HTTP2_PROTOCOL_ERROR error. I started the log, reproduced the error, and stopped the log.
I imported the log into the log viewer at https://netlog-viewer.appspot.com/#import, and saw an interesting event titled HTTP2_SESSION_RECV_RST_STREAM, with error code 8 (CANCEL).
I did some Googling on the term "RST_STREAM" (which appears to be an abbreviated form of "reset stream") and found a discussion between some people talking about an IIS setting called minBytesPerSecond (discussion here: https://social.msdn.microsoft.com/Forums/en-US/aeb01c46-bcdf-40ed-a417-8a3558221137). I also found another discussion where there was some debate about whether minBytesPerSecond was intended to protect against slow HTTP DoS (slow drip) attacks (discussion here: IIS 8.5 low minBytesPerSecond not working against slow HTTP POST). In any case, I learned that IIS uses minBytesPerSecond to determine whether to cancel a connection if it cannot sustain the minimum throughput. This is relevant in cases where a single user makes many requests to a large resource, and each new connection ends up starving all the other unfinished ones, to the point where some may fall below the minBytesPerSecond threshold.
To confirm that the server was canceling requests due to a minBytesPerSecond error, I checked my server's HTTPERR log at c:\windows\system32\logfiles\httperr. Sure enough, I opened the file and did a text search for "MinBytesPerSecond" and there were tons of entries for it.
So after I changed the minBytesPerSecond to 0, I was no longer able to reproduce the ERR_HTTP2_PROTOCOL_ERROR error. So, it appears that the ERR_HTTP2_PROTOCOL_ERROR error was being caused by my server (IIS) canceling the request because the throughput rate from my server fell below the minBytesPerSecond threshold.
So for all you reading this right now, if you're not using IIS, maybe there is a similar setting related to minimum throughput rate you can play with to see if it gets rid of the ERR_HTTP2_PROTOCOL_ERROR error.

I experienced a similar problem, I was getting ERR_HTTP2_PROTOCOL_ERROR on one of the HTTP GET requests.
I noticed that the Chrome update was pending, so I updated the Chrome browser to the latest version and the error was gone next time when I relaunched the browser.

I encountered this because the http2 server closed the connection when sending a big response to the Chrome.
Why?
Because it is just a setting of the http2 server, named WriteTimeout.

I had this problem when having a Nginx server that exposing the node-js application to the external world. The Nginx made the file (css, js, ...) compressed with gzip and with Chrome it looked like the same.
The problem solved when we found that the node-js server is also compressed the content with gzip. In someway, this double compressing leading to this problem. Canceling node-js compression solved the issue.

I didn't figure out what exactly was happening, but I found a solution.
The CDN feature of OVH was the culprit. I had it installed on my host service but disabled for my domain because I didn't need it.
Somehow, when I enable it, everything works.
I think it forces Apache to use the HTTP2 protocol, but what I don't understand is that there indeed was an HTTP2 mention in each of my headers, which I presume means the server was answering using the right protocol.
So the solution for my very particular case was to enable the CDN option on all concerned domains.
If anyone understands better what could have happened here, feel free to share explanations.

I faced this error several times and, it was due to transferring large resources(larger than 3MB) from server to client.

This error is currently being fixed: https://chromium-review.googlesource.com/c/chromium/src/+/2001234
But it helped me, changing nginx settings:
turning on gzip;
add_header 'Cache-Control' 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
expires off;
In my case, Nginx acts as a reverse proxy for Node.js application.

We experienced this problem on pages with long Base64 strings. The problem occurs because we use CloudFlare.
Details: https://community.cloudflare.com/t/err-http2-protocol-error/119619.
Key section from the forum post:
After further testing on Incognito tabs on multiple browsers, then
doing the changes on the code from a BASE64 to a real .png image, the
issue never happened again, in ANY browser. The .png had around 500kb
before becoming a base64,so CloudFlare has issues with huge lines of
text on same line (since base64 is a long string) as a proxy between
the domain and the heroku. As mentioned before, directly hitting
Heroku url also never happened the issue.
The temporary hack is to disable HTTP/2 on CloudFlare.
Hope someone else can produce a better solution that doesn't require disabling HTTP/2 on CloudFlare.

In our case, the reason was invalid header.
As mentioned in Edit 4:
take the logs
in the viewer choose Events
chose HTTP2_SESSION
Look for something similar:
HTTP2_SESSION_RECV_INVALID_HEADER
--> error = "Invalid character in header name."
--> header_name = "charset=utf-8"

By default nginx limits upload size to 1MB.
With client_max_body_size you can set your own limit, as in
location /uploads {
...
client_max_body_size 100M;
}
You can set this setting also on the http or server block instead (See here).
This fixed my issue with net::ERR_HTTP2_PROTOCOL_ERROR

Just posting here to let people know that ERR_HTTP2_PROTOCOL_ERROR in Chrome can also be caused by an unexpected response to a CORS request.
In our case, the OPTIONS request was successful, but the following PUT that should upload an image to our infrastructure was denied with a 410 (because of a missing configuration allowing uploads) resulting in Chrome issuing a ERR_HTTP2_PROTOCOL_ERROR.
When checking in Firefox, the error message was much more helpful:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.[...] (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 410.
My recommendation would be to check an alternative browser in this case.

I'm not convinced this was the issue but through cPanel I'd noticed the PHP version was on 5.6 and changing it to 7.3 seemed to fix it. This was for a WordPress site. I noticed I could access images and generic PHP files but loading WordPress itself caused the error.

Seems like many issues may cause ERR_HTTP2_PROTOCOL_ERROR: in my case it was a minor syntax error in a php-generated header, Content-Type : text/plain . You might notice the space before the colon... that was it. Works no problem when the colon is right next to the header name like Content-Type: text/plain. Only took a million hours to figure out... The error happens with Chrome only, Firefox loaded the object without complaint.

If simply restarting e.g., Chrome Canary, with a fresh profile fixes the problem, then one surely
is the "victim" of a failed Chrome Variation! Yes, there are ways to opt out of being a Guinea pig in Chrome's field testing.

In my case
header params can not set null or empty string
{
'Authorization': Authorization //Authorization can't use null or ''
}

I got the same issue (asp, c# - HttpPostedFileBase) when posting a file that was larger than 1MB (even though application doesn't have any limitation for file size), for me the simplification of model class helped. If you got this issue, try to remove some parts of the model, and see if it will help in any way. Sounds strange, but worked for me.

I have been experiencing this problem for the last week now as I've been trying to send DELETE requests to my PHP server through AJAX. I recently upgraded my hosting plan where I now have an SSL Certificate on my host which stores the PHP and JS files. Since adding an SSL Certificate I no longer experience this issue. Hoping this helps with this strange error.

I also faced this error and I believe there can be multiple reasons behind it. Mine was, ARR was getting timed-out.
In my case, browser was making a request to a reverse proxy site where I have set my redirection rules and that proxy site is eventually requesting the actual site. Now for huge data it was taking more than 2 minutes 5 seconds and Application Request Routing timeout for my server was set to 2 minutes. I fixed this by increasing the ARR timeout by below steps:
1. Go to IIS
2. Click on server name
3. Click on Application Request Routing Cache in the middle pane
4. Click Server Proxy settings in right pane
5. Increase the timeout
6. Click Apply

My team saw this on a single javascript file we were serving up. Every other file worked fine. We switched from http2 back to http1.1 and then either net::ERR_INCOMPLETE_CHUNKED_ENCODING or ERR_CONTENT_LENGTH_MISMATCH. We ultimately discovered that there was a corporate filter (Trustwave) that was erroneously detecting an "infoleak" (we suspect it detected something in our file/filename that resembled a social security number). Getting corporate to tweak this filter resolved our issues.

For my situation this error was caused by having circular references in json sent from the server when using an ORM for parent/child relationships. So the quick and easy solution was
JsonConvert.SerializeObject(myObject, new JsonSerializerSettings { ReferenceLoopHandling = ReferenceLoopHandling.Ignore })
The better solution is to create DTOs that do not contain the references on both sides (parent/child).

I had another case that caused an ERR_HTTP2_PROTOCOL_ERROR that hasn't been mentioned here yet. I had created a cross reference in IOC (Unity), where I had class A referencing class B (through a couple of layers), and class B referencing class A. Bad design on my part really. But I created a new interface/class for the method in class A that I was calling from class B, and that cleared it up.

I hit this issue working with Server Sent Events. The problem was solved when I noticed that the domain name I used to initiate the connection included a trailing slash, e.g. https://foo.bar.bam/ failed with ERR_HTTP_PROTOCOL_ERROR while https://foo.bar.bam worked.

In my case (nginx on windows proxying an app while serving static assets on its own) page was showing multiple assets including 14 bigger pictures; those errors were shown for about 5 of those images exactly after 60 seconds; in my case it was a default send_timeout of 60s making those image requests fail; increasing the send_timeout made it work
I am not sure what is causing nginx on windows to serve those files so slow - it is only 11.5MB of resources which takes nginx almost 2 minutes to serve but I guess it is subject for another thread

In my case, the problem was that Bitdefender provided me with a local ssl certificate, when the website was still without a certificate.
When I disabled Bitdefender and reloaded the page, the actual valid server ssl certificate was loaded, and the ERR_HTTP2_PROTOCOL_ERROR was gone.

In my case, it was WordPress that now requires PHP 7.4 and I was running 7.2.
As soon as I updated, the errors disappeared.
Happened again and this time it was the ad-blocker that didn't like the name of my images (yt.png, ig.png, url.png). I added a prefix and all loaded ok.

In my case, the time on my computer (browser client) was out of date, synced it using settings in windows, and then the error got away

I had line breaks in my Content-Security-Policy in my nginx.conf that produced this error when used in an docker container running in Kube in GCP (serving angular but I doubt that matters).
Putting them all back on the same line and the problem went away.
A curl -v helped diagnose.
http2 error: Invalid HTTP header field was received: frame type: 1, stream: 1, name: [content-security-policy], value: [script-src 'unsafe-inline' 'self....
It was much easier to edit on separate lines but never again!

Error 503 Backend fetch failed

I have this error in my site
Error 503 Backend fetch failed
Backend fetch failed
Guru Meditation:
XID: 526707
Varnish cache server
Anyone know what may be the cause or how to find out what happens?

There's a common reason that varnish returns 503 that is not explained on the varnish error list. I have learnt this from experience.
If your web server is returning 500 error or similar then varnish simply says Error 503 Backend fetch failed.
what you need to do is to always try to fetch without varnish to see if the error is in varnish or the web server. For example if you have a different hostname for the webserver, load that and find the error, if you fix that, then restart varnish and that solves it most of the time.

That means that Varnish has been properly configured to accept incoming connections, but is not yet available to serve your backend. This error is common when varnish receives a request but your backend is still restarting/releasing.

This can be due to the length of cache tags used by Magento exceeding Varnish’s default of 8192 bytes.
This can be solved by modifying the varnish configs:
CentOS 6: /etc/sysconfig/varnish
CentOS 7: /etc/varnish/varnish.params
Ubuntu: /etc/default/varnish
Find http_resp_hdr_len.
If the parameter doesn’t exist, add it after thread_pool_max.
Magento suggests setting http_resp_hdr_len to a value equal to the product count of your largest category multiplied by 21.
For example, setting the value to 65536 bytes should work if your largest category has 3,000 products:
-p http_resp_hdr_len=65536 \
See here: http://devdocs.magento.com/guides/v2.0/config-guide/varnish/tshoot-varnish-503.html

We see this on our Drupal site sometimes. Forgive me if you don't follow the Drupal-isms here, but, basically, there are Drupal entities that can reference other content entities (nodes), and in some situations you can have an entity hold many of these references. Let's say you add 4 references to one of these entities but you only specify the content (add IDs) for 3 of them, leaving the fourth one blank, it will result in this error.

Http request failed after site migration - server issue

So I have a website built in php and it was working perfectly on one server, I then moved the website to a server I have on Digital Ocean and am running into several errors, they seem to be based around http request failures while using the imagick library...
I was hoping to not to have to start debugging this from a code point of view as it was already working perfectly and would prefer to change server settings.
Fatal error: Uncaught exception 'ImagickException' with message 'Imagick::__construct(): HTTP request failed! HTTP/1.1 404 Not Found .
I cannot figure out what differences there, on both server allow_url_fopen is set to on.
The php version is different, 5.520 on the original server, 5.5.9 on the new server.
The versions of imagick are the same. I am also getting some other errors using the mpdf library but I will try deal with these later (Im hoping if I can resolved the first ones these ones will also get resolved).
My question is , is there possibly any other setting on the server I should be looking out for that may be causing these php errors?
EDIT:
Just to add more information, i can get rid of some of the errors by changing the file path https://www.example.com/myimage.jpg to /var/www/example/myimage.jpg . This solves some of the errors but I would rather get the root of the issue thats causing it not to work in the first place, because I feel that its the same problem thats causing other errors.

The error code says it: 404, file not found. You are probably using the wrong URL.
Are you able to fetch https://www.example.com/myimage.jpg using a webbrowser?
On several popular linux distros, /var/www/example/myimage.jpg would be served at https://www.example.com/example/myimage.jpg instead of https://www.example.com/myimage.jpg with the default configuration.
[edit]
It just came to my attention that the URL is HTTPS, there is a possibility that the script is rejecting the server certificate. Try with regular HTTP - no point in using SSL if the file is on the same machine.

Getting error in console : Failed to load resource: net::ERR_CONNECTION_RESET

I have refresh my application page and getting this error in console
Failed to load resource: net::ERR_CONNECTION_RESET.
I have tried to re-install the XAMPP version but this doesnt work for me.

I think you are using chrome.
The problem is the certificate mismatch or the expiration of the certificate.Check your certificate properly.
Just visit here for more information.

I'm using chrome too and facing same problem on my localhost.
I did a lot of things like clear using CCleaner and restart OS. But my problem was solved with clearing cookie.
In order to clear cookie:
Go to Chrome settings > Privacy > Content Settings > Cookie > All cookie and Site Data > Delete domain problem
OR
Right Click > Inspect Element > Tab Resources > Cookie (Left Menu) > Select domain > Delete All cookie One By One (Right Menu)

I had a similar issue using Apache 2.4 and PHP 7.
My client sent a lot of requests when refreshing (hard reloading) my application page in the browser and every time some of the last requests resulted in this error in console:
GET http://example.com/api/v1/my/resource net::ERR_CONNECTION_RESET
It turned out that my client was reaching the maximum amount of threads that was allowed. The threads exceeding this configured ceiling are simply not handled by Apache at all resulting in the connection reset error response.
The amount of threads can be easily raised by setting the ThreadsPerChild value for the module in question.
The easiest way to make such change is to uncomment the Server-pool management config file conf/extra/httpd-mpm.conf and then editing the preset values in the file to desired values.
1) Uncomment the Server-pool management file
# Server-pool management (MPM specific)
Include conf/extra/httpd-mpm.conf
2) Open and edit the file conf/extra/httpd-mpm.conf and raise the amount of threads
In my case I had to change the threads for the mpm_winnt_module:
# raised the amount of threads for mpm_winnt_module to 250
<IfModule mpm_winnt_module>
ThreadsPerChild 250
MaxConnectionsPerChild 0
</IfModule>
A comprehensive explanation on these Server-pool management configuration settings can be found in this post on StackOverflow.

Try it with the browser in incognito mode first. If incognito works it's probably an extension or settings issue with the browser(s) and not a server issue. Hopefully this saves someone the headache I just went through.

I had the same error with Symfony on wamp and PHP 7.0.0.
symptoms
None of the JS and CSS dependencies was loaded on the "dev" environnement, with error Failed to load resource: net::ERR_CONNECTION_RESET
solution
It's effectively a certificate problem in php.ini.
You need to set the property curl.cainfo to a valid certificate in the line :
curl.cainfo = C:\your\wamp\path\bin\cacert\cacert.pem

Turning off my VPN resolved the issue.

For me, this error was happening on localhost, but it disappeared when routing it through ngrok and was replaced with a MUCH more helpful error (net::ERR_INCOMPLETE_CHUNKED_ENCODING) that led me here:
https://stackoverflow.com/a/29969400
Basically, the Kestrel server I was using was saying it was chunked output, but not terminating it properly. I double checked it with Fiddler which confirmed the error.

In my case i have used .woff files from git repository, and i noticed git has changed my binary files. That with some null character at the file endings.
I have rechanged to the orgnal .woff source files and it has corrected!
Also i have understood visual studio controller sending corrupted error like ERR_CONNECTION_RESET from the controller when it gots null character
I shared for all who live this problem

(Short) In my case :
My URL redirected to https://localhost instead of http://localhost
Just try to click the first link and you will know about HOW?
(LONG)
As extra, I add summary about this situation Based on Timing breakdown phases from developer.chrome.com eg:
Queueing
Stalled
DNS Lookup
Initial connection (TCP,SSL)
Request sent
ServiceWorker Preparation
Request to ServiceWorker
Waiting (TTFB)
Content Download
Receiving Push
Reading Push
How:
Right click on page
Click Inspect
Clik Network
Clik on your Trouble URL
Clik Timing tab
Click on Explanation, and there a solution based on your case.
In my case Stalled: and explained in that document:
Here its 2 phase for my case:
Queueing. The browser queues requests when:
There are higher priority requests.
There are already six TCP connections open for this origin, which is
the limit. Applies to HTTP/1.0 and HTTP/1.1 only.
The browser is briefly allocating space in the disk cache
Stalled. The request could be stalled for any of the reasons described in Queueing.
Just read, information on that Timing Tab and I hope this can help anyone who experinced similar problem

PHP 404 error page won't display content

I'm having a problem implementing custom 404 error pages on my Windows/IIS/PHP webhost. Whenever I try to send the 404 status message in the header, no content is sent to the client and a blank page is displayed instead.
Here is a very simple script I'm using:
<?php
header('HTTP/1.1 404 Not Found');
header('Status: 404 Not Found');
var_dump(headers_list());
?>
On my dev machine the output (displayed in a browser) is
array(2) { [0]=> string(23) "X-Powered-By: PHP/5.2.6" [1]=> string(21) "Status: 404 Not Found" }
On my host there is no output. I can't seem to generate anything but a blank page regardless of what content is echoed by PHP, or included below as normal HTML, though PHP processing e.g. logging, database writes etc continue as normal.
Can anyone suggest what the problem might be or how to resolve it?

'blank page' smells like error_reporting(0) hiding the error messages you would get. Maybe there is some output before your headers and that raises an error. Check that.

If PHP is configured at your host to run through CGI, it may be impossible to generate 404 error pages in IIS (except by lying and returning 200 OK, which is a Bad Thing). Certainly I've been unable to persuade IIS 4-6.0 to allow my CGI 404 errors through to browsers.
You generally don't want PHP to run CGI anyway, there are other related problems as well as it being slow. On IIS, the PHP ISAPI extension should be preferred (though as I've not tried it I can't confirm it solves this specific problem).

What if you put text after the PHP tags?
Also, make sure your script isn't erroring out on your host, whether checking apache error logs, running php -l on your script or turning error_reporting on and display_errors on.

I have the same problem with PHP 5.2.6 on Linux. I find that the first 8109 bytes are not printed by the web server.
IE6 ignores custom error pages < 512 bytes in length. This could be an explanation for this problem, but probably you have tested in more than one browser anyway.

Check that your host allows you to change headers on the fly with PHP. My host doesn't allow me to set the 404 header through PHP, though other headers (301, content-type) are fine.

My advice is to not set the HTTP/1.1 404 header yourself and let the web server do it for you.
Traditionally, this is done through the Status header, which the web server should take and turn into an HTTP/1.0 or 1.1 404 Not Found header.
(Side Note: The Status header is not a real HTTP header and is used solely to communicate information from an app to the server itself.)