Title: wp_safe_remote_head Published: April 25, 2014 Last modified: February 24, 2026 --- # wp_safe_remote_head( string $url, array $args = array() ): array|󠀁[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/)󠁿 ## In this article * [Description](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#description) - [See also](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#see-also) * [Parameters](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#parameters) * [Return](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#return) * [Source](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#source) * [Related](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#related) * [Changelog](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#changelog) [ Back to top](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#wp--skip-link--target) Retrieves the raw response from a safe HTTP request using the HEAD method. ## 󠀁[Description](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#description)󠁿 This function is ideal when the HTTP request is being made to an arbitrary URL. The URL, and every URL it redirects to, are validated with [wp_http_validate_url()](https://developer.wordpress.org/reference/functions/wp_http_validate_url/) to avoid Server Side Request Forgery attacks (SSRF). The only supported protocols are `http` and `https`. ### 󠀁[See also](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#see-also)󠁿 * [wp_remote_request()](https://developer.wordpress.org/reference/functions/wp_remote_request/): For more information on the response array format. * [WP_Http::request()](https://developer.wordpress.org/reference/classes/WP_Http/request/): For default arguments information. * [wp_http_validate_url()](https://developer.wordpress.org/reference/functions/wp_http_validate_url/): For more information about how the URL is validated. ## 󠀁[Parameters](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#parameters)󠁿 `$url`stringrequired URL to retrieve. `$args`arrayoptional Request arguments. See [WP_Http::request()](https://developer.wordpress.org/reference/classes/wp_http/request/) for information on accepted arguments. Default:`array()` ## 󠀁[Return](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#return)󠁿 array|[WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) The response or [WP_Error](https://developer.wordpress.org/reference/classes/wp_error/) on failure. See [WP_Http::request()](https://developer.wordpress.org/reference/classes/wp_http/request/) for information on return value. ## 󠀁[Source](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#source)󠁿 ```php function wp_safe_remote_head( $url, $args = array() ) { $args['reject_unsafe_urls'] = true; $http = _wp_http_get_object(); return $http->head( $url, $args ); } ``` [View all references](https://developer.wordpress.org/reference/files/wp-includes/http.php/) [View on Trac](https://core.trac.wordpress.org/browser/tags/6.9.4/src/wp-includes/http.php#L139) [View on GitHub](https://github.com/WordPress/wordpress-develop/blob/6.9.4/src/wp-includes/http.php#L139-L143) ## 󠀁[Related](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#related)󠁿 | Uses | Description | | [_wp_http_get_object()](https://developer.wordpress.org/reference/functions/_wp_http_get_object/)`wp-includes/http.php` | Returns the initialized [WP_Http](https://developer.wordpress.org/reference/classes/wp_http/) Object | | Used by | Description | | [wp_get_http_headers()](https://developer.wordpress.org/reference/functions/wp_get_http_headers/)`wp-includes/functions.php` | Retrieves HTTP Headers from URL. | | [discover_pingback_server_uri()](https://developer.wordpress.org/reference/functions/discover_pingback_server_uri/)`wp-includes/comment.php` | Finds a pingback server URI based on the given URL. | ## 󠀁[Changelog](https://developer.wordpress.org/reference/functions/wp_safe_remote_head/?output_format=md#changelog)󠁿 | Version | Description | | [3.6.0](https://developer.wordpress.org/reference/since/3.6.0/) | Introduced. | ## User Contributed Notes You must [log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fdeveloper.wordpress.org%2Freference%2Ffunctions%2Fwp_safe_remote_head%2F) before being able to contribute a note or feedback.