..

This

0% [Waiting for headers]

error was bugging me.

Turns out the firewall needs to NOT have the ESTABLISHED rule set for www traffic.

This:
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP –sport 513:65535 –dport 80 -m state –state NEW,ESTABLISHED -j ACCEPT

needs to look like This:
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP –sport 513:65535 –dport 80 -m state –state NEW -j ACCEPT

which basically allows the firewall to distinguish between related traffic coming back, and new connections to the web server