I have a static blog/site and I'm wondering if there are any negative implications of disallowing/disabling HEAD requests within my Nginx conf? For example: would it break the site with certain web browser? Are their any security implications with disabling HEAD requests?
Asked
Active
Viewed 1,120 times
0
-
You will get a lot of opionions on this. For a blog, you should be fine to disable everything except `GET` and `POST` (for your comment section) – Aaron Jun 23 '17 at 02:54
-
Your blog will also work fine if you disable pictures. And it will be really fast if it has no content. But both of those would be just stupid - kind of like disabling HEAD requests for no good reason. – Barry Pollard Jun 23 '17 at 07:34
1 Answers
1
There's no real benefit to disallowing HEAD requests. Clients can use this to check if their cache is up to date. Disabling it will most likely cause them to retry with a GET. HEAD is used often enough though that I'm curious why you want to block it.
Jason Martin
- 4,865
- 15
- 24