security tracker should support HEAD method

$ curl -I http://127.0.0.1:10605/
HTTP/1.0 501 Unsupported method ('HEAD')
Server: BaseHTTP/0.3 Python/2.7.15
Date: Fri, 06 Jul 2018 13:19:20 GMT
Connection: close
Content-Type: text/html

That makes debugging kind of a pain.