Well, if the code you posted above is practically all there is, then probably header doesn't return a string, but 1 (true) on success and 0 (false) otherwise. Check the module documentation

If that's not the case you would have to post some more code to get an answer to your second question. Or (even better) you could try to find the exact location yourself. Put in some print statements in your code to see where the '1 originates. For example:

print header(-cookie=> $cookie);
print "XX";
[download]

If you see the '1' before 'XX' in your browser, then your call to header produced the '1', otherwise the '1' is generated afterwards.

You might surround all print statements or calls to library routines you suspect of producing the '1' with these print statements (each printing a different string) until you have narrowed down the location of the bug.

On another tangent: Is the string compare in if ($register eq 1) there on purpose ?
To compare numbers one should use == generally.