How To Disable ETags in Apache Server

ETags are useful response headers but can cause security issues for some websites, if not used properly. In this article, we will look at how to disable ETags in Apache server.


What is ETag?

ETag is a server response header that allows browsers to make conditional requests and perform cache validation efficiently. On the other hand, it poses security risks in case it gets leaked by your code, and can result in cache poisoning attack on your website. So it is better to disable ETag if your website does not need it.


How To Disable ETags in Apache Server

It is very easy to disable ETag in Apache server.


1. Open .htaccess

Before proceeding, please enable mod_rewrite (.htaccess) in your Apache web server.

Open .htaccess file, typically located at /var/www/html/.htaccess

$ sudo vi /var/www/html/.htaccess

Also read : How to Fix 414 Request URI too large


2. Disable ETag header

Add the following two lines to your .htaccess file

<IfModule mod_headers.c> 
    Header unset ETag 
</IfModule> 
FileETag None

To re-enable ETag header just remove or comment the above lines.

Also read : Apache Restrict Access to URL by IP


3. Restart Apache web server

Restart Apache web server to apply changes.

# service httpd restart
OR 
# systemctl restart httpd
OR
# sudo service apache2 restart

Use a third-party tool to check if your server response still contains ETag header.

Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it today!

mm

About Ubiq

Ubiq is a powerful dashboard & reporting platform for small & medium businesses. Build dashboards, charts & reports for your business in minutes. Get insights from data quickly. Try it for free today!