I am looking at my asp.net mvc site and considering blocking the HEAD verb in IIS from accessing the site.
I don't see why such requests are needed or being used at present.
Why would HEAD requests be required on a site?
The comment posted above is correct. As far as I know, HEAD
request are made by the browser for checking things like...do I need to download this again, is the page still there, etc. Basically, if the browser wants to know about a page without downloading the entire page, it will issue a HEAD
request. So, in short, they are not a harmful thing to be happening.
However, if you want to block these, you can do so in your web.config by using the following syntax (taken from MSDN/IIS)
<configuration>
<system.webServer>
<security>
<requestFiltering>
<verbs applyToWebDAV="false">
<add verb="HEAD" allowed="false" />
</verbs>
</requestFiltering>
</security>
</system.webServer>
</configuration>
However, I think this is an atypical setup and you may want to test your site for performance /breaks across multiple browsers before turning this on for a production facing site.