Description
HEAD says
A content within a HEAD request message has no defined semantics; sending content in a HEAD request might cause some existing implementations to reject the request.
whereas the new text for GET is
A client SHOULD NOT generate content in a GET request. Content received in a GET request has no defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [Messaging]).
and similarly for DELETE. We should update HEAD as well to be
A client SHOULD NOT generate content in a HEAD request. Content received in a HEAD request has no defined semantics, cannot alter the meaning or target of the request, and might lead some implementations to reject the request and close the connection because of its potential as a request smuggling attack (Section 11.2 of [Messaging]).