ETags are useful response headers but can cause security issues for some websites, if not used properly. In this article, we will look at how to disable ETags in Apache server.
What is ETag?
ETag is a server response header that allows browsers to make conditional requests and perform cache validation efficiently. On the other hand, it poses a security risk if it gets leaked by your code, and can result in a cache poisoning attack on your website. So it is better to disable ETag if your website does not need it.
How To Disable ETags in Apache Server
It is very easy to disable ETag in Apache server.
1. Open .htaccess
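Before proceeding, please enable mod_rewrite (.htaccess) in your Apache web server. The Header directive used in step 2 is provided by mod_headers, so that module must be enabled as well.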
Open .htaccess file, typically located at /var/www/html/.htaccess
$ sudo vi /var/www/html/.htaccess
2. Disable ETag header
Add the following two lines to your .htaccess file:
Header unset ETag
FileETag None
To re-enable the ETag header, just remove or comment out the above lines.
3. Restart Apache web server
Restart Apache web server to apply changes.
# service httpd restart
OR
# systemctl restart httpd
OR
# sudo service apache2 restart
Use a third-party tool to check if your server response still contains ETag header.
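The same check can be run from the shell. The script below is an added example, not part of the original article: it assumes curl is installed, its function names are hypothetical, and the sample responses in it are constructed.

```bash
#!/bin/sh
# Added example: check whether a response still carries an ETag header.
# Function names are hypothetical; sample responses below are constructed.

# Read raw response headers on stdin and print the value of each ETag header.
# Header names are case-insensitive and lines may end in CRLF.
etag_from_headers() {
    tr -d '\r' | awk '
        {
            i = index($0, ":")
            if (i == 0) next                      # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != "etag") next
            val = substr($0, i + 1)
            sub(/^[ \t]+/, "", val)               # drop space after the colon
            print val
        }'
}

# HEAD the URL with curl (assumed installed).
# Returns 0 if no ETag is sent, 1 if one is, 2 if the request failed.
check_etag() {
    ce_headers=$(curl -sS -I --max-time 10 "$1") || return 2
    ce_found=$(printf '%s\n' "$ce_headers" | etag_from_headers)
    if [ -n "$ce_found" ]; then
        echo "ETag still sent by $1: $ce_found"
        return 1
    fi
    echo "No ETag header from $1"
}

# Constructed responses: before the change, after it, and a lowercase weak tag.
SAMPLE_BEFORE=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nETag: "2d-5f1c9a3b7e4c0"\r\n\r\n')
SAMPLE_AFTER=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Etag-Note: removed\r\n\r\n')
SAMPLE_LOWER=$(printf 'HTTP/1.1 200 OK\r\netag: W/"2d-5f1c9a3b7e4c0"\r\n\r\n')

# Usage: sh check_etag.sh http://localhost/index.html
if [ $# -gt 0 ]; then
    check_etag "$1"
fi
```

Run it against a static file served from the directory that holds the .htaccess file; an exit status of 1 means the header is still being sent.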