wp_safe_remote_head( string $url, array $args = array() ): array|WP_Error

Retrieve the raw response from a safe HTTP request using the HEAD method.


This function is ideal when the HTTP request is being made to an arbitrary URL. The URL is validated to avoid redirection and request forgery attacks.

Top ↑

See also

Top ↑


$url string Required
URL to retrieve.
$args array Optional
Request arguments.
See WP_Http::request() for information on accepted arguments.
More Arguments from WP_Http::request( ... $args ) Array or string of HTTP request arguments.
  • method string
    Request method. Accepts 'GET', 'POST', 'HEAD', 'PUT', 'DELETE', 'TRACE', 'OPTIONS', or 'PATCH'.
    Some transports technically allow others, but should not be assumed. Default 'GET'.
  • timeout float
    How long the connection should stay open in seconds. Default 5.
  • redirection int
    Number of allowed redirects. Not supported by all transports.
    Default 5.
  • httpversion string
    Version of the HTTP protocol to use. Accepts '1.0' and '1.1'.
    Default '1.0'.
  • user-agent string
    User-agent value sent.
    Default 'WordPress/' . get_bloginfo( 'version' ) . '; ' . get_bloginfo( 'url' ).
  • reject_unsafe_urls bool
    Whether to pass URLs through wp_http_validate_url() .
    Default false.
  • blocking bool
    Whether the calling code requires the result of the request.
    If set to false, the request will be sent to the remote server, and processing returned to the calling code immediately, the caller will know if the request succeeded or failed, but will not receive any response from the remote server. Default true.
  • headers string|array
    Array or string of headers to send with the request.
  • cookies array
    List of cookies to send with the request.
  • body string|array
    Body to send with the request. Default null.
  • compress bool
    Whether to compress the $body when sending the request.
    Default false.
  • decompress bool
    Whether to decompress a compressed response. If set to false and compressed content is returned in the response anyway, it will need to be separately decompressed. Default true.
  • sslverify bool
    Whether to verify SSL for the request. Default true.
  • sslcertificates string
    Absolute path to an SSL certificate .crt file.
    Default ABSPATH . WPINC . '/certificates/ca-bundle.crt'.
  • stream bool
    Whether to stream to a file. If set to true and no filename was given, it will be dropped it in the WP temp dir and its name will be set using the basename of the URL. Default false.
  • filename string
    Filename of the file to write to when streaming. $stream must be set to true. Default null.
  • limit_response_size int
    Size in bytes to limit the response to. Default null.

Default: array()

Top ↑


array|WP_Error The response or WP_Error on failure.

Top ↑


File: wp-includes/http.php. View all references

function wp_safe_remote_head( $url, $args = array() ) {
	$args['reject_unsafe_urls'] = true;
	$http                       = _wp_http_get_object();
	return $http->head( $url, $args );

Top ↑


Version Description
3.6.0 Introduced.

Top ↑

User Contributed Notes

You must log in before being able to contribute a note or feedback.