How To Disable ETag in NGINX

Last updated on June 21st, 2024 at 06:22 am

ETag headers make caching more efficient. They are useful for speeding up websites and reducing network bandwidth. But sometimes you may need to remove the ETag header from your website’s server response, because ETags can cause security problems if they are not configured properly. In this article, we will look at how to disable ETag in NGINX.

What is ETag?

An ETag is a resource identifier assigned to every item on your website, whether it is a URL, image, video, file, etc. Web servers add ETags if they are enabled. This makes it easy for the web server to cache more items efficiently and save network bandwidth. Servers use ETags to determine whether a resource needs to be served by the server or from cache. In other words, it is a server response header that allows browsers to do cache validation efficiently and make conditional requests. However, it poses a security risk if it gets leaked by your code, which can result in a cache poisoning attack on your website. So if your website does not need ETags, it is better to disable them.

How To Disable ETag in NGINX

By default, NGINX does not assign ETag for dynamic content. It generates ETag only for static files. It is very easy to disable ETag in NGINX: we just need to set the etag directive to on or off to enable or disable it.

1. Open NGINX configuration

Open terminal and run the following command to open NGINX configuration file.

$ sudo vi /etc/nginx/nginx.conf

If you have configured separate virtual hosts for your website (e.g. www.example.com), such as /etc/nginx/sites-enabled/example.conf, then open that configuration file with the following command.

$ sudo vi /etc/nginx/sites-enabled/example.conf

2. Disable ETag header

You can add “etag off” to the http, server or location block to disable ETag across all websites on your server, for a specific website, or for a specific URL location, respectively.

Disable ETag on all websites on server

Adding etag off to the http block will disable ETag for all servers running on your NGINX server.

http {
   ...
   etag off;
   ...
}

Disable ETag on single website

Adding etag off to a server block will disable ETag only for that server. For example, the following configuration will disable ETag only for the server hosting the example.com domain.

server {
   listen 80;
   server_name example.com;
   etag off;
   ...
}

Disable ETag for single folder

Adding etag off to a location block will disable ETag only for that location. For example, the following configuration will disable ETag only for the /product location.

location /product {
   ...
   etag off;
   ...
}

Disable ETag for single URL

Adding etag off to a location block that matches a single URL will disable ETag only for that URL. For example, the following configuration will disable ETag only for /product.html.

# "=" makes this an exact match, so only /product.html is affected
location = /product.html {
   ...
   etag off;
   ...
}

3. Restart NGINX Server

Finally, run the following command to check the syntax of your updated config file.

$ sudo nginx -t

If there are no errors, run the following command for your distribution to reload or restart NGINX server.

$ sudo service nginx reload #debian/ubuntu
$ sudo systemctl restart nginx #redhat/centos

You can use a third-party tool to check if your server response still contains ETag header.
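
You can also check from the command line. The following script is an added example, not part of the original article: it reads response headers as printed by curl -sI (or curl -sIL, where only the final response after redirects counts) and reports whether an ETag is still sent. The function names and the sample header values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Typical use after reloading NGINX:
#   curl -sI http://example.com/product.html | check_etag

# Constructed sample responses (the ETag and date values are made up).
sample_before() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nLast-Modified: Fri, 21 Jun 2024 06:22:00 GMT\r\nETag: "66751e88-264"\r\n\r\n'
}
sample_after() {
  printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nLast-Modified: Fri, 21 Jun 2024 06:22:00 GMT\r\n\r\n'
}

# Print the value of header $1 (case-insensitive) from the LAST response
# block on stdin, so an ETag on an earlier redirect hop is not counted.
final_header() {
  tr -d '\r' | awk -v name="$1" '
    /^HTTP\// { val = "" }                 # new response block starts here
    { i = index($0, ":") }
    i > 0 && tolower(substr($0, 1, i - 1)) == tolower(name) {
        val = substr($0, i + 1); sub(/^[ \t]+/, "", val) }
    END { print val }'
}

# Exit status 0 if the final response carries no ETag, 1 if it still does.
check_etag() {
  headers=$(cat)
  etag=$(printf '%s\n' "$headers" | final_header etag)
  lastmod=$(printf '%s\n' "$headers" | final_header last-modified)
  if [ -n "$etag" ]; then
    echo "ETag still sent: $etag"
    return 1
  fi
  # etag off does not remove Last-Modified, so browsers can still
  # revalidate static files with If-Modified-Since.
  echo "no ETag (Last-Modified: ${lastmod:-absent})"
}

# Demo on the constructed samples.
sample_before | check_etag || true
sample_after | check_etag
```

A non-zero exit status from check_etag means the URL you tested is not covered by the block where you added etag off.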

Conclusion

In this article, we have learnt how to disable the ETag header. ETags are useful if you run a large website with a lot of content. They allow your server to efficiently process cache requests by adding a resource identifier for each URL, image, video, file, etc. This enables the server to load only those parts of the page that have been updated. The rest are loaded directly from the cache. However, if not configured properly, ETags can open up your website to different types of cache corruption. So use them only if you absolutely need them. Otherwise, remove ETag headers from your server response.
