HEAD
Retrieving response metadata without transferring the body is the purpose of the HTTP HEAD method. The response is identical to a GET response except the server omits the message body.
Usage
A HEAD request retrieves metadata about a resource: size, type, freshness, and existence. The server processes the request exactly as a GET but stops before transmitting the body. All response headers, including Content-Length and Content-Type, match those of a full GET response.
Properties
| Property | Value |
|---|---|
| Safe | Yes |
| Idempotent | Yes |
| Cacheable | Yes |
Common use cases
Link validation. Automated tools send HEAD requests to verify URLs return 200 without downloading full pages. Broken links surface as 404 or 410 responses.
Monitoring and health checks. Uptime monitors probe endpoints with HEAD to confirm availability. The smaller response size reduces bandwidth and speeds up polling intervals.
Content negotiation probing. Clients inspect Content-Type, Content-Encoding, and Content-Language headers before deciding whether to fetch the full resource.
Cache validation. A HEAD response carrying ETag or Last-Modified allows caches to check freshness without downloading the body. If the HEAD response headers indicate a cached copy is stale, the cache marks the entry accordingly.
Download size estimation. File managers and download tools read Content-Length from a HEAD response to display file size or allocate disk space before starting the transfer.
Note
A request body in a HEAD request has no generally defined semantics. Some implementations reject HEAD requests carrying a body. Including a body risks triggering request smuggling vulnerabilities in intermediaries misparsing the message framing.
Example
A HEAD request to check whether a resource exists and inspect the response headers. The server returns 200 with content metadata but no body.
Request
HEAD /report.pdf HTTP/1.1
Host: www.example.re
Response
HTTP/1.1 200 OK
Content-Type: application/pdf
Content-Length: 284750
Last-Modified: Mon, 10 Feb 2025 08:30:00 GMT
ETag: "f47ac10b"
The Content-Length header reveals the file is roughly 278 KB. The Last-Modified and ETag headers provide validators for conditional requests on subsequent fetches.
CORS
HEAD is a CORS-safelisted method. Cross-origin HEAD requests do not trigger a preflight request, following the same safelisted behavior as GET.
HEAD vs GET
HEAD returns the same headers as GET but omits the response body entirely. This makes HEAD faster and more bandwidth-efficient for tasks that only need metadata.
Common applications include checking whether a resource exists, reading Content-Length for file size, inspecting Last-Modified dates, and obtaining cache validators like ETag without downloading the full resource.
Some servers implement HEAD by running the full GET handler internally and stripping the body before sending the response. In those cases the performance benefit is limited to the saved transfer time for the body bytes alone.
HEAD responses also update cached GET responses. When a cache sends a HEAD request and the returned validators match a stored GET entry, the cache refreshes the stored headers accordingly.
See also
- RFC 9110: HTTP Semantics
- GET
- OPTIONS
- Content negotiation
- Conditional requests
- Caching
- HTTP methods
- HTTP headers