What is the HEAD request? Is this something I should be worried about?

I check my custom logs and I see this:

[REDACTED IP],[REDACTED IP],[REDACTED IP],[REDACTED IP] - GET .
[REDACTED IP],undefined,[REDACTED IP] - GET .
[REDACTED IP],[REDACTED IP],[REDACTED IP] - HEAD .

What is the HEAD request, and should I be worried?

A head request is a request to get the “headers” of a website. Headers are information a server gives the client that tells the client (browser, cURL) information about the website, how to display the website, and more. Sending a HEAD request to Glitch returns this:

$ curl -I https://glitch.com
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 4345
Connection: keep-alive
Date: Mon, 11 Jan 2021 23:26:34 GMT
X-Powered-By: Express
Strict-Transport-Security: max-age=2628000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development
X-Content-Security-Policy: base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development
X-WebKit-CSP: base-uri 'self'; report-uri https://csp-reporting-server.glitch.me/report; frame-ancestors https://glitch.com https://glitch.development
X-Frame-Options: DENY
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Tue, 05 Jan 2021 21:43:38 GMT
ETag: W/"10f9-176d4816310"
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Via: 1.1 aa68d5eaf078dffca4154e55039dbb84.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: PHL50-C1
X-Amz-Cf-Id: r4jVzGUaphV-iSgXd0sMC8C-C_kgQa3nu1uJGqqRH_KapqoK6d7VMQ==
Age: 23

I hope this helps! But check the IP that sent the HEAD request on abuseipdb.com, sometimes scanners will use them.

2 Likes