
GET and HEAD…hmmm

Let’s fire up Burp Suite to see if we can examine these requests further. When we do a normal GET request, nothing strange happens.
Let’s try switching the GET method for the HEAD method. I would expect HEAD to give us less data, but I think the name of the challenge might be pointing us in that direction.

The flag appears in the response headers.
Question: Is this an accurate reflection of a real-life scenario? Does HEAD ever tell us something additional that GET doesn’t give?
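
On the question above: RFC 9110 says a server SHOULD send the same header fields for HEAD as it would for GET, so any header that shows up only on HEAD points to a separately written handler. The following is an added example, not part of the original write-up, that diffs the headers of two raw responses saved from a proxy; the sample responses and the `X-Example-Note` header are constructed for illustration.

```python
from collections import defaultdict

# Headers expected to differ between any two responses; ignored in the diff.
VOLATILE = {"date", "age"}

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_code, {name: [values]})."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = defaultdict(list)          # a list per name keeps repeated headers
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()].append(value.strip())
    return status, dict(headers)

def diff_head_vs_get(raw_get, raw_head):
    """Report header differences between GET and HEAD responses for one URL."""
    get_status, get_h = parse_response(raw_get)
    head_status, head_h = parse_response(raw_head)
    for hdrs in (get_h, head_h):
        for name in VOLATILE:
            hdrs.pop(name, None)
    shared = get_h.keys() & head_h.keys()
    return {
        "status_differs": get_status != head_status,
        "only_in_head": {k: head_h[k] for k in sorted(head_h.keys() - get_h.keys())},
        "only_in_get": {k: get_h[k] for k in sorted(get_h.keys() - head_h.keys())},
        "changed": {k: (get_h[k], head_h[k])
                    for k in sorted(shared) if get_h[k] != head_h[k]},
    }

# Constructed sample responses (not taken from the challenge).
SAMPLE_GET = ("HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
              "Content-Type: text/html\r\nContent-Length: 12\r\n\r\nhello world\n")
SAMPLE_HEAD = ("HTTP/1.1 200 OK\r\nDate: Mon, 01 Jan 2024 00:00:05 GMT\r\n"
               "Content-Type: text/html\r\nContent-Length: 12\r\n"
               "X-Example-Note: constructed-value\r\n\r\n")

if __name__ == "__main__":
    for key, value in diff_head_vs_get(SAMPLE_GET, SAMPLE_HEAD).items():
        print(f"{key}: {value}")
```

Run against your own application's responses, a non-empty `only_in_head` or `changed` entry is worth tracing back to the route that handles HEAD.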