diff --git a/src/ng/http.js b/src/ng/http.js
index bd07e5d504e6..4a0a70d1f4a5 100644
--- a/src/ng/http.js
+++ b/src/ng/http.js
@@ -11,7 +11,7 @@ function defaultHttpResponseTransform(data, headers) {
     // strip json vulnerability protection prefix
     data = data.replace(JSON_PROTECTION_PREFIX, '');
     var contentType = headers('Content-Type');
-    if ((contentType && contentType.indexOf(APPLICATION_JSON) === 0) ||
+    if ((contentType && contentType.indexOf(APPLICATION_JSON) === 0 && data.trim()) ||
         (JSON_START.test(data) && JSON_END.test(data))) {
       data = fromJson(data);
     }
diff --git a/test/ng/httpSpec.js b/test/ng/httpSpec.js
index db79c8d9a6d1..e4e7f86d28bb 100644
--- a/test/ng/httpSpec.js
+++ b/test/ng/httpSpec.js
@@ -1133,6 +1133,17 @@ describe('$http', function() {
             expect(callback.mostRecentCall.args[0]).toEqual('');
           });
 
+          it('should not attempt to deserialize json for a blank response whose header contains application/json', function() {
+            //per http spec for Content-Type, HEAD request should return a Content-Type header
+            //set to what the content type would have been if a get was sent
+            $httpBackend.expect('GET', '/url').respond(' ', {'Content-Type': 'application/json'});
+            $http({method: 'GET', url: '/url'}).success(callback);
+            $httpBackend.flush();
+
+            expect(callback).toHaveBeenCalledOnce();
+            expect(callback.mostRecentCall.args[0]).toEqual(' ');
+          });
+
           it('should not deserialize tpl beginning with ng expression', function() {
             $httpBackend.expect('GET', '/url').respond('{{some}}');
             $http.get('/url').success(callback);