Forcing 304 Not Modified
Mechanism: Per RFC 9110 §13.1.2, when a GET or HEAD request carries If-None-Match: *, the condition evaluates to false whenever the origin server has any current representation of the target resource, and a server that evaluates the condition to false must answer 304 Not Modified instead of performing the method. If the resource does not exist, there is no representation to compare against; RFC 9110 §13.2.2 tells the server to ignore preconditions whenever the unconditional response would have been something other than 2xx or 412, so the client simply receives the ordinary 404. The two outcomes are distinguishable without ever fetching a body.
Isolated Variable: The only change from a plain HEAD request is the added If-None-Match: * header; the method, path and other headers stay the same.
Oracle Signal: 304 (exists) vs 404 (does not exist).
HEAD — Existing Resource
HEAD /api/users/1001 HTTP/1.1
Host: target.com
If-None-Match: *
HTTP/1.1 304 Not Modified
ETag: "a1b2c3d4"

HEAD — Non-Existing Resource
HEAD /api/users/9999 HTTP/1.1
Host: target.com
If-None-Match: *
HTTP/1.1 404 Not Found

💡 Bandwidth efficiency:
304 responses carry no body, and HEAD responses never carry a body regardless of status. This makes If-None-Match: * + HEAD the most bandwidth-efficient existence oracle: the entire response is the status line and a few headers. Note that the 304 also returns the current ETag, so a single probe confirms existence and hands the attacker a validator for that representation.
Mitigation: Inherent to HTTP conditional request semantics; a conforming server cannot honour If-None-Match: * without revealing whether a representation exists. Require authentication, and authorization for the specific resource, before evaluating conditional headers. RFC 9110 §13.2.2 already says preconditions are ignored when the unconditional response would be a 401 or 403, so the fix is ordering: run the access check first, and return the same status for "not permitted" and "does not exist" to callers who are not authorized to know the difference.
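The exchange above and the mitigation, run end to end as an added example that is not part of the original page: a local Python http.server that implements the RFC 9110 conditional-request logic for a constructed resource store (the path /api/users/1001 and ETag "a1b2c3d4" are taken from the page; the store, the bearer token and all handler names are hypothetical), a HEAD + If-None-Match: * probe, and a hardened variant that performs the authentication check before it looks at the precondition.

```python
"""HEAD + If-None-Match: * existence oracle, vulnerable and hardened.

Constructed demo, not the page's own code: a local server with a fake
resource store, probed the way the page describes. Names and data are
hypothetical.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample store (assumption): path -> (ETag, body a GET would return)
RESOURCES = {"/api/users/1001": ('"a1b2c3d4"', b'{"id": 1001}')}
VALID_TOKEN = "secret-token"  # hypothetical bearer token for the hardened server


class VulnerableHandler(BaseHTTPRequestHandler):
    """Evaluates If-None-Match with no authentication decision in front of it."""
    require_auth = False

    def log_message(self, *args):  # keep the demo quiet
        pass

    def do_HEAD(self):
        if self.require_auth and self.headers.get("Authorization") != f"Bearer {VALID_TOKEN}":
            # RFC 9110 s13.2.2: a response that would be non-2xx without the
            # precondition takes precedence, so the condition is never evaluated.
            self.send_response(401)
            self.send_header("WWW-Authenticate", 'Bearer realm="api"')
            self.end_headers()
            return
        entry = RESOURCES.get(self.path)
        if entry is None:
            self.send_response(404)  # no representation: ordinary not-found
            self.end_headers()
            return
        etag, body = entry
        inm = self.headers.get("If-None-Match")
        tags = [t.strip() for t in inm.split(",")] if inm else []
        # "*" is false whenever any current representation exists -> 304 for HEAD
        if "*" in tags or etag in tags:
            self.send_response(304)
            self.send_header("ETag", etag)
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("ETag", etag)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()  # HEAD: headers only, no body


class HardenedHandler(VulnerableHandler):
    """Same logic, but the 401 check runs before the conditional is examined."""
    require_auth = True


def start_server(handler_cls):
    srv = HTTPServer(("127.0.0.1", 0), handler_cls)  # port 0: pick a free port
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(port, path, token=None):
    """Send the minimal HEAD + If-None-Match: * probe and return the status code."""
    headers = {"If-None-Match": "*"}
    if token:
        headers["Authorization"] = f"Bearer {token}"
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("HEAD", path, headers=headers)
    resp = conn.getresponse()
    resp.read()  # HEAD and 304 both carry no body; this returns b""
    conn.close()
    return resp.status


def classify(status):
    """Oracle signal: 304 -> exists, 404 -> absent, anything else -> no signal."""
    return {304: "exists", 404: "absent"}.get(status, "no-signal")


def run_demo():
    """Probe both servers and return the oracle verdicts per resource."""
    results = {}
    for name, cls in (("vulnerable", VulnerableHandler), ("hardened", HardenedHandler)):
        srv = start_server(cls)
        port = srv.server_address[1]
        results[name] = {
            "existing": classify(probe(port, "/api/users/1001")),
            "missing": classify(probe(port, "/api/users/9999")),
        }
        if cls is HardenedHandler:
            results[name]["authenticated"] = classify(probe(port, "/api/users/1001", VALID_TOKEN))
        srv.shutdown()
        srv.server_close()
    return results


if __name__ == "__main__":
    for server, verdicts in run_demo().items():
        print(server, verdicts)
```

Against the vulnerable server the unauthenticated probe yields 304 for /api/users/1001 and 404 for /api/users/9999, which is the oracle. Against the hardened server both unauthenticated probes yield 401 and carry no signal, while the authenticated probe still gets the normal 304, showing that the fix is the ordering of the checks rather than removing conditional-request support.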