I have a php script that uses the php header() function to prepare a header and then outputs an XML file that can be downloaded and saved.
Since there is sensitive information in the XML documents content I want to have it encrypted using SSL.
Is it sufficient to call that script with https or do I need to add special info in the header using the php header() function?
There's nothing you need to set in the header. If the connection was established via SSL, the response will be secure too.
The minutiae of negotiating an SSL connection are handled by the hosting web server (e.g. Apache). The only thing you may want to do in PHP is check whether the current connection is using SSL or not by checking $_SERVER['HTTPS'].