Yahoo! YSlow recommends removing Entity tags – also known as ETag. Unfortunately removing the ETag response header is not an easy task on Windows Server IIS web servers. Here I show you how to properly remove ETag HTTP response headers with an Outbound rewrite rule…
How to remove the ETag response header in IIS as Yahoo! YSlow recommends?
Entity Tags (ETags) are commonly used in Web applications to effectively leverage the use of web farms, which is a non-fancy term for HTTP/S load balancing. In web farms, a common practice is to set what is called ETags headers, as it helps enhance performance in web farm scenarios.
You might expect you can easily remove Entity tags, or Etag headers, by using
<remove name="ETag" /> in the
customHeaders node of the web.config configuration file.
<httpProtocol> <customHeaders> <remove name="ETag"/> </customHeaders> </httpProtocol>
or by setting its value to an empty string:
<httpProtocol> <customHeaders> <remove name="ETag"/> <add name="ETag" value=" "/> </customHeaders> </httpProtocol>
<httpProtocol> <customHeaders> <remove name="ETag"/> <add name="ETag" value="""" /> </customHeaders> </httpProtocol>
customHeaders are ignored…
Luckily you can use an IIS URL Rewrite Outbound Rule to rewrite, and remove, the ETags response header. And here is how.
You have to use an Outbound Rule to remove Etag headers. Use the following URL Rewrite Outbound Rule in your web.config, to remove the ETag header:
<outboundRules> <rule name="Remove ETag"> <match serverVariable="RESPONSE_ETag" pattern=".+" /> <action type="Rewrite" value="" /> </rule> </outboundRules>
It’s pretty straight forward what this rule does, no need to explain.
Thanks to NathanFox.net for sharing this information.
If you have administrator access to the IIS web server and you want to completely disable Etag headers, then you can do so in your IIS
applicationHost.config configuration file.
Since IIS 8.0 you have an updated IIS_schema.xml file, with the following contents:
<sectionSchema name="system.webServer/staticContent"> <element name="clientCache"> <attribute name="cacheControlMode" type="enum" defaultValue="NoControl"> <enum name="NoControl" value="0" /> <enum name="DisableCache" value="1" /> <enum name="UseMaxAge" value="2" /> <enum name="UseExpires" value="3" /> </attribute> <attribute name="cacheControlMaxAge" type="timeSpan" defaultValue="1.00:00:00" /> <attribute name="httpExpires" type="string" /> <attribute name="cacheControlCustom" type="string" /> <attribute name="setEtag" type="bool" defaultValue="true" /> </element>
You can find IIS_schema.xml in the folder
C:\Windows\System32\inetsrv\config\schema. This means you can add the following in your
<clientCache setEtag="false" />
And for a website level, you can add it to your web.config file as well.
When you’ve already have an entry for
clientCache, you can just add in the
setEtag attribute within the element:
<staticContent> <clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="14.00:00:00" setEtag="false" /> </staticContent>
To add some extra information regarding Etag headers and clusters:
In a High-Available, Failover IIS cluster, you need Etag headers. This header makes sure the web servers always sends the correct version of a file. So, don’t remove etag headers unless you are sure your website is not hosted on a high-availability cluster.
The ETag header is used for web cache validation, and enables a Web server to not have to send a full response if no changes have been made to the content. setEtag can be set in the Configuration Editor in the path
If you want to step in to help me cover the costs for running this website, that would be awesome. Just use this link to donate a cup of coffee ($5 USD for example). And please share the love and help others make use of this website. Thank you very much!
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.
How to: Determine which .NET Framework versions are installed
WsusPool keeps crashing: stops again and again
3 Important security measurements for Windows Server & IIS
Enable NTFS long paths in Windows Server 2016 by Group Policy
The WinCache effect: Save with object caching
Tips to speed up WordPress, serve gzip compressed static HTML files