Our software is using Content-length to validate the authorize.net response.  Starting last Thursday our clients started getting failures in our software due to responses not being processed correctly.  Today most of our clients report the problem.  The difference between last week and now is that the http response header has changed and no long includes Content-length.  

Does anyone know about these changes and if the are permanent?

Here’s the header from a recent  request:

HTTP/1.1 200 OK

Cache-Control: no-cache

Pragma: no-cache

Content-Type: text/html; charset=ISO-8859-1

Expires: -1

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

x-DCD-RequestId: 693e594b-b1cf-434d-8373-f374245b37e3

DCDRefID:

DCDCalculatedDCDecision: 0-OCCEX

DCDEffectiveDCDecision: 0-OCCEX

DCDOperationMode: Selective

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Date: Mon, 04 Apr 2016 22:58:31 GMT

Connection: close

Here’s the header from a request received last week:

HTTP/1.1 200 OK

Cache-Control: private, must-revalidate, max-age=0

Content-Length: 292

Content-Type: text/html

Expires: Tue, 01 Jan 1980 00:00:00 GMT

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Date: Mon, 28 Mar 2016 22:36:32 GMT

Connection: close