HTTP 411 Length Required — What It Means & How to Fix
HTTP 411 Length Required means the server refuses to accept the request without a defined Content-Length header — required for POST/PUT with body.
What It Means
The HTTP 411 Length Required status code is the server’s way of saying: “I need to know the size of the request body before I can process it.” The server requires a Content-Length header in the request, and the client did not provide one. This is typically enforced for requests with a body — POST, PUT, and PATCH — where the server needs to allocate resources or validate the payload size before processing.
The Content-Length header is a critical piece of HTTP metadata. It tells the server exactly how many bytes to expect in the request body. Without it, the server either has to read until the connection closes (which prevents connection reuse) or use chunked transfer encoding. Some servers and firewalls reject requests that have a body but no Content-Length as a security measure against HTTP request smuggling or slow-loris attacks.
This is different from a missing body — 411 means the server knows there is a body (detected by the method or other headers) but cannot determine its size. The fix is almost always to add the correct Content-Length header to the request.
When It’s Sent
- Missing Content-Length on POST — a POST request with a body but no
Content-Lengthheader - Strict server configuration — a security-hardened server that requires
Content-Lengthfor all requests - Load balancer or proxy enforcement — an intermediate proxy that validates request headers before forwarding
- Firewall or WAF rules — a Web Application Firewall that blocks requests without
Content-Length - Chunked encoding not supported — the server does not support
Transfer-Encoding: chunkedand requires fixed-length bodies
Real Example
curl -v -X POST \
-H "Content-Type: application/json" \
--data-raw '{"name":"Test"}' \
-H "Transfer-Encoding: chunked" \
https://api.example.com/itemsIf the server does not support chunked encoding:
> POST /items HTTP/1.1
> Host: api.example.com
> Content-Type: application/json
> Transfer-Encoding: chunked
>
< HTTP/1.1 411 Length Required
< Content-Type: text/html
< Content-Length: 168
<
<html>
<head><title>411 Length Required</title></head>
<body>
<h1>Length Required</h1>
<p>A Content-Length header is required for this request.</p>
</body>
</html>Adding the Content-Length header fixes it:
curl -v -X POST \
-H "Content-Type: application/json" \
-H "Content-Length: 16" \
-d '{"name":"Test"}' \
https://api.example.com/itemsHow to Debug
Client-Side
- Add Content-Length header — calculate the body size in bytes and set it explicitly
- Let your HTTP library handle it — most libraries (curl, Python requests, fetch) set
Content-Lengthautomatically - Avoid chunked encoding — use a fixed-length body instead of
Transfer-Encoding: chunkedwhere possible - Check for middleware stripping headers — some proxy software may remove
Content-Length - Verify the request has a body — a GET or DELETE request doesn’t need
Content-Lengthunless there’s a body
Server-Side
- Check server configuration — review web server settings that enforce
Content-Length - Verify middleware and security tools — WAF rules, rate limiters, and request validators may require
Content-Length - Support chunked encoding — if clients send chunked requests, ensure the server can handle them
- Review error logs — look for the specific paths and methods triggering the
411 - Test with and without Content-Length — isolate whether the issue is on the client or server side
curl
# See the error (no Content-Length sent manually, but curl adds it by default for -d)
curl -v -X POST -H "Content-Type: application/json" \
-H "Transfer-Encoding: chunked" \
-d '{"test":"data"}' https://example.com/api
# Force curl to omit Content-Length by using -T with a file
echo '{"test":"data"}' | curl -v -X POST -H "Content-Type: application/json" \
-T - https://example.com/apiPostman
Postman automatically includes Content-Length for requests with a body. To test a missing header, go to the Headers tab and remove Content-Length (Postman adds it automatically for body requests — you may need to use the bulk edit mode or a manual HTTP client to simulate the missing header).
Common Causes
| Scenario | What Happens | Why It Matters |
|---|---|---|
| Body without Content-Length | Server cannot determine request size | Request is rejected before processing |
| Chunked encoding unsupported | Server requires fixed-length bodies | Must switch to Content-Length-based requests |
| Reverse proxy stripping headers | Proxy removes Content-Length | Check proxy configuration to preserve headers |
| WAF enforcement | Firewall requires Content-Length for security | Add the header or adjust WAF rules |
| HTTP/1.0 client | Older clients may omit Content-Length | Upgrade client or configure server to accept chunked |
FAQ
Related Codes
- HTTP 400 Bad Request — general client error when headers are malformed
- HTTP 413 Payload Too Large — the body exceeds the server’s size limit
- HTTP 415 Unsupported Media Type — the Content-Type is not supported
- HTTP 500 Internal Server Error — server error that may occur if Content-Length processing fails
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro