We are talking CGI here, not HTTP.
A Location header is the proper CGI response,
it's up to the web server to turn the CGI response
into an HTTP response.
You aren't terminating your emitted lines with a CR LF
either - the server takes care of such details.