Menu
Under IIS7 the Etag change number (the part of the Etag following : ) is always set to 0.
Hence the Etag from the server no longer varies from server to server for the same file and therefore the Yahoo best practice no longer really applies.
Since you can't actually suppress the ETag header on IIS7 it would probably be best that you don't fiddle with it at all. I've found by far the most useful configuration rule is "If the default doesn't break something, leave it alone".
You would think doing this in the web.config would work to disable ETags in IIS7. But sniffer trace confirms that ETag is sent down anyway.
<httpProtocol>
<customHeaders>
<remove name="ETag" />
</customHeaders>
</httpProtocol>
Using blank doesn't work, either. ETag is sent down anyway.
<httpProtocol>
<customHeaders>
<add name="ETag" value="" />
</customHeaders>
</httpProtocol>
Setting the ETag to blank quotes as other sites have suggested doesn't work.
<httpProtocol>
<customHeaders>
<add name="ETag" value="""" />
</customHeaders>
</httpProtocol>
Causes even more ETag to be sent down:
ETag: "8ee1ce1acf18ca1:0",""
In conclusion, nothing I can try or think of works to kill ETag on IIS7, at least without writing custom modules, etc.
I wrote a custom http module to handle this. It's really not as bad as it sounds. Here's the code:
using System;
using System.Web;
namespace StrongNamespace.HttpModules
{
public class CustomHeaderModule : IHttpModule
{
public void Init(HttpApplication application)
{
application.PostReleaseRequestState += new EventHandler(application_PostReleaseRequestState);
}
public void Dispose()
{
}
void application_PostReleaseRequestState(object sender, EventArgs e)
{
HttpContext.Current.Response.Headers.Remove("Server");
HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
HttpContext.Current.Response.Headers.Remove("ETag");
}
}
}
Here's the web.config changes you'll want:
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<remove name="X-Powered-By"/>
</customHeaders>
</httpProtocol>
<modules>
<add name="CustomHeaderModule" type="StrongNamespace.HttpModules.CustomHeaderModule"/>
</modules>
</system.webServer>
</configuration>
I realize this is an old question, but I came across it while searching for a solution. I think I found a reasonable answer which I posted for this question.
We had this problem, and even setting a blank custom ETag header in IIS 7 was not working for all files (for example image files). We ended up creating an HttpModule that explicitly removes the ETag header.
UPDATE: added URL Rewrite Module requirement thanks to user @ChrisBarr
In iis 6 it's easy, you can add a custom header for 'ETag' = ""
In IIS 7, after reading this thread and figuring that it was impossible without using a custom http module, I found that you can simply install Microsoft's URL Rewrite module and add an outbound rewrite rule as follows:
<outboundRules>
<rule name="Remove ETag">
<match serverVariable="RESPONSE_ETag" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
This actually works, and you don't need a custom http module (dll). Unlocking the system.webServer configuration section and setting customHeaders, etc., does not work - at least in all the cases I tried. A simple outbound rewrite rule does.
By the way, when you use iis8 it's simple
<element name="clientCache">
<attribute name="cacheControlMode" type="enum" defaultValue="NoControl">
<enum name="NoControl" value="0" />
<enum name="DisableCache" value="1" />
<enum name="UseMaxAge" value="2" />
<enum name="UseExpires" value="3" />
</attribute>
<attribute name="cacheControlMaxAge" type="timeSpan" defaultValue="1.00:00:00" />
<attribute name="httpExpires" type="string" />
<attribute name="cacheControlCustom" type="string" />
<attribute name="setEtag" type="bool" defaultValue="true" />
</element>
IIS 8.0: To use or not to use ETag
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With