How do I remove eTag headers from IIS7?

asp.net iis-7 etag

Under IIS7 the Etag change number (the part of the Etag following : ) is always set to 0.

Hence the Etag from the server no longer varies from server to server for the same file and therefore the Yahoo best practice no longer really applies.

Since you can't actually suppress the ETag header on IIS7 it would probably be best that you don't fiddle with it at all. I've found by far the most useful configuration rule is "If the default doesn't break something, leave it alone".


You would think doing this in the web.config would work to disable ETags in IIS7. But sniffer trace confirms that ETag is sent down anyway.

<httpProtocol>
    <customHeaders>
        <remove name="ETag" />
    </customHeaders>
</httpProtocol>

Using blank doesn't work, either. ETag is sent down anyway.

<httpProtocol>
    <customHeaders>
        <add name="ETag" value="" />
    </customHeaders>
</httpProtocol>

Setting the ETag to blank quotes as other sites have suggested doesn't work.

<httpProtocol>
    <customHeaders>
        <add name="ETag" value="&quot;&quot;" />
    </customHeaders>
</httpProtocol>

Causes even more ETag to be sent down:

ETag: "8ee1ce1acf18ca1:0",""

In conclusion, nothing I can try or think of works to kill ETag on IIS7, at least without writing custom modules, etc.


I wrote a custom http module to handle this. It's really not as bad as it sounds. Here's the code:

using System;
using System.Web;

namespace StrongNamespace.HttpModules
{
    public class CustomHeaderModule : IHttpModule
    {
        public void Init(HttpApplication application)
        {
            application.PostReleaseRequestState += new EventHandler(application_PostReleaseRequestState);

        }

        public void Dispose()
        {
        }

        void application_PostReleaseRequestState(object sender, EventArgs e)
        {
            HttpContext.Current.Response.Headers.Remove("Server");
            HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
            HttpContext.Current.Response.Headers.Remove("ETag");
        }
    }
}

Here's the web.config changes you'll want:

<configuration>
    <system.webServer>
        <httpProtocol>
            <customHeaders>
                <remove name="X-Powered-By"/>
            </customHeaders>
        </httpProtocol>
        <modules>
            <add name="CustomHeaderModule" type="StrongNamespace.HttpModules.CustomHeaderModule"/>
        </modules>
    </system.webServer>
</configuration>

Related

Customizing the More menu on a Tab bar
How to add shortcut to Home screen in android programmatically [duplicate]
NSLocale currentLocale always returns "en_US" not user's current language
How to use POSIX semaphores on forked processes in C?
Django: How can I call a view function from template?
What is the difference between a static and const variable?
How to Clone an Eclipse Workspace
How to deal with concurrent updates in databases?
Why is colspan not a known native attribute in Angular 2?
Detect Language of NSString
Splat operators in JavaScript, equivalent to *args and **kwargs in Python?
Selecting a Linux I/O Scheduler