---
title: >-
  Deprecation of POST requests without a Content-Length or Transfer-Encoding:
  chunked header - Shopify developer changelog
description: >-
  Shopify’s developer changelog documents all changes to Shopify’s platform.
  Find the latest news and learn about new platform opportunities.
source_url:
  html: >-
    https://shopify.dev/changelog/deprecation-of-post-requests-without-a-content-length-or-transfer-encoding-chunked-header
  md: >-
    https://shopify.dev/changelog/deprecation-of-post-requests-without-a-content-length-or-transfer-encoding-chunked-header.md
metadata:
  effectiveApiVersion: null
  affectedApi:
    - displayName: Admin GraphQL API
      handle: admin-graphql
    - displayName: Admin REST API
      handle: admin-rest
    - displayName: Customer Account API
      handle: customer-account-graphql
    - displayName: Payments Apps API
      handle: payments-apps-api
    - displayName: Storefront GraphQL API
      handle: storefront-graphql
    - displayName: Webhook
      handle: webhook
  primaryTag:
    displayName: API
    handle: api
  secondaryTag:
    displayName: Deprecation Announcement
    handle: deprecation
  indicatesActionRequired: true
  createdAt: '2025-06-27T16:58:11-04:00'
  postedAt: '2025-06-28T12:00:00-04:00'
  updatedAt: '2025-06-27T17:08:13-04:00'
  effectiveAt: '2025-06-28T12:00:00-04:00'
---

June 28, 2025

Tags:

* Action Required
* Admin GraphQL API
* Admin REST API
* Customer Account API
* Payments Apps API
* Storefront GraphQL API
* Webhook

# Deprecation of POST requests without a Content-Length or Transfer-Encoding: chunked header

We're making changes to our HTTP/1.0 and HTTP/1.1 request handling to improve security and compliance with web standards. Starting August 1, 2025, all POST requests to Shopify APIs must include either a Content-Length header or Transfer-Encoding: chunked header, or they'll return an HTTP 411 error.

**What you need to do**

Update your client libraries and API integrations to ensure all POST requests include one of these headers:

* `Content-Length`: Specifies the exact size of the request body in bytes
* `Transfer-Encoding: chunked`: Indicates the request body is sent in chunks

Most modern HTTP client libraries automatically include these headers, but some custom implementations or older libraries might not.

**Why we're making this change**

This change aligns with HTTP/1.1 standards (RFC 7230) and helps prevent potential security vulnerabilities related to request smuggling attacks. It ensures consistent request handling across our infrastructure.