Content-Length header with HEAD requests?

Section 14.13 of the HTTP/1.1 spec detailed the Content-Length header, and says this:

Applications SHOULD use this field to indicate the transfer-length of the message-body, unless this is prohibited by the rules in section 4.4.

The word 'SHOULD' has a very specific meaning in RFCs:

3. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course.

So, you may not always see a Content-Length. Typically you might not see it for any content which is dynamically generated, since that might be too expensive to service an exploratory HEAD request. For example, a HEAD request to Apache for a static file will have a Content-Length, but a request for a PHP script may not.

For example, try this very website...

telnet stackoverflow.com 80 HEAD / HTTP/1.0 Host:stackoverflow.com HTTP/1.1 200 OK Date: Mon, 11 Jan 2016 10:58:25 GMT Content-Type: text/html; charset=utf-8 Connection: close Set-Cookie: __cfduid=c2eb4742a1e02d89cab0402220736c0bd1452509905; expires=Tue, 10-Jan-17 10:58:25 GMT; path=/; domain=.stackoverflow.com; HttpOnly Cache-Control: public, no-cache="Set-Cookie", max-age=36 Expires: Mon, 11 Jan 2016 10:59:02 GMT Last-Modified: Mon, 11 Jan 2016 10:58:02 GMT Vary: * X-Frame-Options: SAMEORIGIN X-Request-Guid: 487e80bc-3783-4cfd-d883-a3bc84253234 Set-Cookie: prov=8dc24306-c067-45eb-bf5d-cffa855c2b03; domain=.stackoverflow.com; expires=Fri, 01-Jan-2055 00:00:00 GMT; path=/; HttpOnly Server: cloudflare-nginx CF-RAY: 26303c15f8e035a2-LHR 

No content-length there.

Yes, the Content-Length of a HEAD response SHOULD, but not always does (see @Paul's answer) include the Content-Length value of a GET response:

Stack Overflow does:

> telnet stackoverflow.com 80 HEAD / HTTP/1.1 Host: stackoverflow.com HTTP/1.1 200 OK Cache-Control: public, max-age=60 Content-Length: 362245 <-------- Content-Type: text/html; charset=utf-8 Expires: Mon, 04 Oct 2010 11:51:49 GMT Last-Modified: Mon, 04 Oct 2010 11:50:49 GMT Vary: * Date: Mon, 04 Oct 2010 11:50:49 GMT 

Google doesn't:

> telnet www.google.com 80 HEAD / HTTP/1.1 Host: www.google.ie HTTP/1.1 200 OK Date: Mon, 04 Oct 2010 11:55:36 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=ISO-8859-1 Server: gws X-XSS-Protection: 1; mode=block Transfer-Encoding: chunked 

Update: As noted in Géry Ogam's answer, the latest spec (RFC 9110: HTTP Semantics) now states that while Content-Length can be omitted, if a server sends Content-Length, it must send the correct value. So this requirement has been strengthened since RFC 7231.

(What it literally says is that the server MUST NOT send Content-Length unless it has the correct value—which amounts to the same thing.)

Contra the accepted answer, section 4.3.2 of RFC 7231 states:

The server SHOULD send the same header fields in response to a HEAD request as it would have sent if the request had been a GET, except that the payload header fields (Section 3.3)

—which is to say, Content-Length, Content-Range, Trailer, and Transfer-Encoding—

MAY be omitted.

This is even weaker than the note on SHOULD in Paul Dixon's answer:

5. MAY This word, or the adjective "OPTIONAL", mean that an item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because the vendor feels that it enhances the product while another vendor may omit the same item.

So the real answer is, you don't need to include Content-Length, but if you do, you should give the correct value.

The HTTP-spec at W3C states:

If the new field values indicate that the cached entity differs from the current entity (as would be indicated by a change in Content-Length, ...

Which (to me) means it should hold the "correct" value as you would in a GET response.

According to RFC 9110 - HTTP Semantics, the latest HTTP specification published in June 2022,

• section 8.6, paragraph 6:

A server MAY send a Content-Length header field in a response to a HEAD request (Section 9.3.2); a server MUST NOT send Content-Length in such a response unless its field value equals the decimal number of octets that would have been sent in the content of a response if the same request had used the GET method.

• section 9.3.2, paragraph 2:

The server SHOULD send the same header fields in response to a HEAD request as it would have sent if the request method had been GET. However, a server MAY omit header fields for which a value is determined only while generating the content. For example, some servers buffer a dynamic response to GET until a minimum amount of data is generated so that they can more efficiently delimit small responses or make late decisions with regard to content selection. Such a response to GET might contain Content-Length and Vary fields, for example, that are not generated within a HEAD response. These minor inconsistencies are considered preferable to generating and discarding the content for a HEAD request, since HEAD is usually requested for the sake of efficiency.