Forcing 3xx Redirects
Mechanism: Servers enforcing canonical URL forms must resolve the resource before determining the canonical form. Non-existent resources return 404 instead of redirecting.
Isolated Variable: Only the path format changes (trailing slash, case).
Oracle Signal: 301/302 (exists) vs 404 (does not exist).
HEAD — Existing Resource (Trailing Slash)

Request:
HEAD /api/users/1001/ HTTP/1.1
Host: target.com
Authorization: Bearer valid-token

Response:
HTTP/1.1 301 Moved Permanently
Location: /api/users/1001

vs. 404 Not Found for /api/users/9999/.
💡 HEAD + redirect = zero-body oracle chain: HEAD requests combined with redirect probing produce no response body at any stage. The entire signal is in the status code and the Location header.
Mitigation: Perform path canonicalization at the routing layer before resource resolution.
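To make the mitigation concrete, here is an added example (not code from the original page): a minimal handler for the /api/users/<id> route shown above, in a vulnerable variant that resolves the resource before canonicalising the path and a hardened variant that canonicalises at the routing layer first, plus a check a defender can run against either. The in-memory user table and the handler names are constructed for illustration.

```python
# Added example: oracle from the section above vs. the proposed mitigation.
# USERS is a constructed stand-in for the real resource store.
import re

USERS = {"1001": {"name": "alice"}}           # constructed sample data
ROUTE = re.compile(r"^/api/users/(\d+)/?$")    # route shape from the page


def canonical(path: str) -> str:
    """Canonical form used by this service: no trailing slash (except root)."""
    return path.rstrip("/") or "/"


def _body(method: str, payload: bytes) -> bytes:
    # HEAD never carries a body, which is why the page calls this a zero-body oracle.
    return b"" if method == "HEAD" else payload


def vulnerable_handler(method: str, path: str) -> tuple:
    """Resolves the resource first, then redirects to the canonical form.
    Existing id + trailing slash -> 301; missing id + trailing slash -> 404,
    so the status code alone reveals existence."""
    m = ROUTE.match(path)
    if not m or m.group(1) not in USERS:
        return 404, {}, _body(method, b"not found")
    if path != canonical(path):
        return 301, {"Location": canonical(path)}, b""
    return 200, {"Content-Type": "application/json"}, _body(method, b"{}")


def hardened_handler(method: str, path: str) -> tuple:
    """Canonicalises at the routing layer before any lookup, so every
    non-canonical path gets the same 301 whether or not the id exists.
    Existence is only answered on the canonical path, where the normal
    authorization and 404 handling apply."""
    if path != canonical(path):
        return 301, {"Location": canonical(path)}, b""
    m = ROUTE.match(path)
    if not m or m.group(1) not in USERS:
        return 404, {}, _body(method, b"not found")
    return 200, {"Content-Type": "application/json"}, _body(method, b"{}")


def leaks_existence(handler) -> bool:
    """Defender's check: do two non-canonical paths, one for an existing id and
    one for a missing id, receive different status codes?"""
    existing = handler("HEAD", "/api/users/1001/")
    missing = handler("HEAD", "/api/users/9999/")
    return existing[0] != missing[0]
```

Run leaks_existence against your own router with a known-good and a known-bad id to confirm that the path-format variation no longer produces a distinguishing status code.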
Forcing 304 Not Modified
Per RFC 9110 §13.1.2, when a HEAD request includes the If-None-Match wildcard (If-None-Match: *), the condition evaluates to false if any current representation of the target resource exists.
Forcing 406 Not Acceptable
Per RFC 9110 §12.5.6, a server performing proactive content negotiation may send 406 when it cannot produce a representation matching the Accept value.