parlov docs

416 vs 404 — Range Rejection


Implemented

A GET request with an unsatisfiable Range header reaches range rejection for an existing target. The server identifies the selected representation, evaluates the range against it, and returns 416 Range Not Satisfiable. A nonexistent target terminates at 404 before reaching range rejection semantics.

  • What leaks: 416 confirms the server evaluated the range against the selected representation and rejected it as unsatisfiable. Content-Range may disclose the total length of the selected representation, making this a two-for-one oracle (existence plus size). RFC 9110 specifies 416 for an unsatisfiable range only at SHOULD level, so a server is not required to take this route. RFC 9110 defines range handling only for GET.
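
To check your own service for this differential, the following added example (not parlov's code) compares the response heads returned for one unsatisfiable-Range GET against a target you know exists and one you know does not. The function names, the `Finding` type and the sample responses are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Unsatisfied-range form of Content-Range: "bytes */<complete-length>"
UNSATISFIED = re.compile(r"^bytes \*/(\d+)$")

class Finding(NamedTuple):
    range_oracle: bool          # 416 vs 404 differential present
    leaked_size: Optional[int]  # length disclosed by Content-Range, if any

def parse_head(raw: str):
    """Split a raw HTTP/1.1 response head into (status, lowercased headers)."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def assess(existing_raw: str, missing_raw: str) -> Finding:
    """Compare responses to the same unsatisfiable-Range GET for two targets."""
    e_status, e_headers = parse_head(existing_raw)
    m_status, _ = parse_head(missing_raw)
    if not (e_status == 416 and m_status == 404):
        return Finding(False, None)
    m = UNSATISFIED.match(e_headers.get("content-range", ""))
    return Finding(True, int(m.group(1)) if m else None)

# Constructed sample responses (not captured from any real server).
EXISTING = "HTTP/1.1 416 Range Not Satisfiable\r\nContent-Range: bytes */48213\r\n\r\n"
EXISTING_NO_CR = "HTTP/1.1 416 Range Not Satisfiable\r\nContent-Length: 0\r\n\r\n"
MISSING = "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
UNIFORM = "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"

if __name__ == "__main__":
    print(assess(EXISTING, MISSING))        # existence and size both disclosed
    print(assess(EXISTING_NO_CR, MISSING))  # existence only
    print(assess(UNIFORM, MISSING))         # uniform responses, no differential
```

The third case is the target state for a fix: when both targets produce the same status for the same request, the range path no longer distinguishes them.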