Printing \n\n at the end of one of your headers tells the browser that you've finished sending headers so the line printed to the browser by your $query->header(); call will be interpreted as content.

As long as you're using the CGI header method anyway, why not just let it handle the content type with -type => 'text/html', e.g.:

print $query->header(-cookie => $cookie, -type => 'text/html');
[download]