Forum Discussion
NimbostratusUser Agent: Linux and Request Method: HEAD
NimbostratusYou tagged the question as ASM, so I am assuming you have ASM.
ASM allows HEAD by default, if you allow in your server or not is the main question.
HEAD is considered a safe method:
https://en.wikipedia.org/wiki/Hypertext_Transfer_ProtocolRequest_methods
"Safe methods
Some of the methods (for example, HEAD, GET, OPTIONS and TRACE) are, by convention, defined as safe, which means they are intended only for information retrieval and should not change the state of the server. In other words, they should not have side effects, beyond relatively harmless effects such as logging, caching, the serving of banner advertisements or incrementing a web counter. Making arbitrary GET requests without regard to the context of the application's state should therefore be considered safe. However, this is not mandated by the standard, and it is explicitly acknowledged that it cannot be guaranteed."
From a security point of view, I don't see why not allow HEAD method.
