NO-CL-IN-204

Test IDCOMP-NO-CL-IN-204
CategoryCompliance
RFCRFC 9110 §8.6
RequirementMUST NOT
Expected204 without Content-Length

What it sends

An OPTIONS request to the root path. Some servers respond with 204 No Content, which triggers the validation.

OPTIONS / HTTP/1.1\r\n
Host: localhost:8080\r\n
\r\n

What the RFC says

“A server MUST NOT send a Content-Length header field in any response with a status code of 1xx (Informational) or 204 (No Content).” – RFC 9110 Section 8.6

Why it matters

A 204 No Content response explicitly signals that there is no body. Including Content-Length contradicts this, and some clients or proxies may attempt to read body bytes based on the Content-Length value. On persistent connections, this causes desync — the client reads the next response’s bytes as body data for the 204, corrupting the entire connection. If the server does not return 204 for this request, the test reports a warning since the prohibition cannot be verified.

Sources