Per Yahoo\'s best practices for high performance web sites, I\'d like to remove Etags from my headers (I\'m manually managing all my caching and have no need for Etags... an
Under IIS7 the Etag change number (the part of the Etag following : ) is always set to 0.
Hence the Etag from the server no longer varies from server to server for the same file and therefore the Yahoo best practice no longer really applies.
Since you can't actually suppress the ETag header on IIS7 it would probably be best that you don't fiddle with it at all. I've found by far the most useful configuration rule is "If the default doesn't break something, leave it alone".
By the way, when you use iis8 it's simple
<element name="clientCache">
<attribute name="cacheControlMode" type="enum" defaultValue="NoControl">
<enum name="NoControl" value="0" />
<enum name="DisableCache" value="1" />
<enum name="UseMaxAge" value="2" />
<enum name="UseExpires" value="3" />
</attribute>
<attribute name="cacheControlMaxAge" type="timeSpan" defaultValue="1.00:00:00" />
<attribute name="httpExpires" type="string" />
<attribute name="cacheControlCustom" type="string" />
<attribute name="setEtag" type="bool" defaultValue="true" />
</element>
IIS 8.0: To use or not to use ETag
http://www.jesscoburn.com/archives/2008/10/02/quickly-configure-or-disable-etags-in-iis7-or-iis6/ has a nice pictorial guide.
Essentially, you create a custom response header named ETag and make its value empty.
You would think doing this in the web.config would work to disable ETags in IIS7. But sniffer trace confirms that ETag is sent down anyway.
<httpProtocol>
<customHeaders>
<remove name="ETag" />
</customHeaders>
</httpProtocol>
Using blank doesn't work, either. ETag is sent down anyway.
<httpProtocol>
<customHeaders>
<add name="ETag" value="" />
</customHeaders>
</httpProtocol>
Setting the ETag to blank quotes as other sites have suggested doesn't work.
<httpProtocol>
<customHeaders>
<add name="ETag" value="""" />
</customHeaders>
</httpProtocol>
Causes even more ETag to be sent down:
ETag: "8ee1ce1acf18ca1:0",""
In conclusion, nothing I can try or think of works to kill ETag on IIS7, at least without writing custom modules, etc.
I wrote a custom http module to handle this. It's really not as bad as it sounds. Here's the code:
using System;
using System.Web;
namespace StrongNamespace.HttpModules
{
public class CustomHeaderModule : IHttpModule
{
public void Init(HttpApplication application)
{
application.PostReleaseRequestState += new EventHandler(application_PostReleaseRequestState);
}
public void Dispose()
{
}
void application_PostReleaseRequestState(object sender, EventArgs e)
{
HttpContext.Current.Response.Headers.Remove("Server");
HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
HttpContext.Current.Response.Headers.Remove("ETag");
}
}
}
Here's the web.config changes you'll want:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<modules>
<add name="CustomHeaderModule" type="StrongNamespace.HttpModules.CustomHeaderModule"/>
</modules>
</system.webServer>
</configuration>
UPDATE: added URL Rewrite Module requirement thanks to user @ChrisBarr
In iis 6 it's easy, you can add a custom header for 'ETag' = ""
In IIS 7, after reading this thread and figuring that it was impossible without using a custom http module, I found that you can simply install Microsoft's URL Rewrite module and add an outbound rewrite rule as follows:
<outboundRules>
<rule name="Remove ETag">
<match serverVariable="RESPONSE_ETag" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
This actually works, and you don't need a custom http module (dll). Unlocking the system.webServer configuration section and setting customHeaders, etc., does not work - at least in all the cases I tried. A simple outbound rewrite rule does.