What would cause links on a webpage to have HEAD requests sent to them, by a real, logged-in user?
Basically, a custom-built forum is having trouble with a moderator who is banning people and deleting posts... Except it's an extremely well-intentioned user, and for various reasons, we're positive it's not malice, and we're also positive no one else is accessing the account.
The links to do these actions are AJAX-ified links that fire a GET request on the backend. We should rewrite these to use a POST so this isn't an issue, but that's not my question, nor is what to do about this user.
What's happening is that her browser is firing HEAD requests for these links, which causes our code to perform the actions and then respond to the HEAD request. Until we can fix them to use a POST so this doesn't happen, I'm interested in what might be sending these HEAD requests. I initially thought it might be a download accelerator, but it would want the full body to cache. What could it be?
this could be caused by prefetching - the browser tries to get some information about the resource just in case the user clicks through - designed to speed up browsing (i'm not an expert on browser behaviour but it looks like that is what's happening).