tags:

views:

38

answers:

3
+1  Q: 

Content-Length header with HEAD requests?

The http spec says about the HEAD request:

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request.

Should the response to a HEAD request contain a Content-Length header? Should it be the value which would be returned on a GET request, even if there is no response body? Or should the Content-Length be 0?

+1  A: 

The HTTP-spec at W3C states:

If the new field values indicate that the cached entity differs from the current entity (as would be indicated by a change in Content-Length, ...

Which (to me) means it should hold the "correct" value as you would in a GET response.

mbanzon  2010-10-04 11:38:12
+2  A: 

Yes, the Content-Length of a HEAD response SHOULD, but not always does (see @Paul's answer) include the Content-Length value of a GET response:

Stack Overflow does:

> telnet stackoverflow.com 80
HEAD / HTTP/1.1
Host: stackoverflow.com


HTTP/1.1 200 OK
Cache-Control: public, max-age=60
Content-Length: 362245                           <--------
Content-Type: text/html; charset=utf-8
Expires: Mon, 04 Oct 2010 11:51:49 GMT
Last-Modified: Mon, 04 Oct 2010 11:50:49 GMT
Vary: *
Date: Mon, 04 Oct 2010 11:50:49 GMT

Google doesn't:

> telnet www.google.com 80
HEAD / HTTP/1.1
Host: www.google.ie


HTTP/1.1 200 OK
Date: Mon, 04 Oct 2010 11:55:36 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Server: gws
X-XSS-Protection: 1; mode=block
Transfer-Encoding: chunked
Daniel Vassallo  2010-10-04 11:39:41
I think you're seeing the Content length of the error message you get for not using HTTP/1.0. If you send a proper 1.0 HEAD request, you do not get a content length. I tried this on a local apache instance also, and again, no content length was returned.
Paul Dixon  2010-10-04 11:47:54
@Paul: Fixed my malformed request. I still get a `Content-Length` however, as I should. Even when using `HTTP/1.0`: http://i.imgur.com/iq9bm.jpg
Daniel Vassallo  2010-10-04 11:53:28
Yes, the StackOverflow IIS servers do send it. Google doesn't though.
Paul Dixon  2010-10-04 11:58:32
@Paul: Interesting. Google doesn't send it for 200 responses though. I get it for all the other return codes: 301, 302, 400, etc. +1 for finding the proper definition of "SHOULD" :)
Daniel Vassallo  2010-10-04 12:06:33
+1  A: 

Section 14.13 of the HTTP/1.1 spec detailed the Content-Length header, and says this:

Applications SHOULD use this field to indicate the transfer-length of the message-body, unless this is prohibited by the rules in section 4.4.

The word 'SHOULD' has a very specific meaning in RFCs:

  1. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

So, you may not always see a Content-Length. Typically you might not see it for any content which is dynamically generated, since that might be too expensive to service an exploratory HEAD request. For example, a HEAD request to Apache for a static file will have a Content-Length, but a request for a PHP script may not.

For example, try Google...

telnet www.google.com 80
HEAD / HTTP/1.0
Host:www.google.co.uk


HTTP/1.0 200 OK
Date: Mon, 04 Oct 2010 11:56:02 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=ISO-8859-1
Server: gws
X-XSS-Protection: 1; mode=block

No content-length there.

Paul Dixon  2010-10-04 11:57:05

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.