1

I am trying to remove unwanted Cache-Control, Pragma and Expires HTTP headers in responses from a Web Api 2 project hosted on an Azure website in Standard mode.

I have tried the following in Global.asax Application_PreSendRequestHeaders:

var headers = ((HttpApplication)sender).Context.Response.Headers;
headers.Remove("Cache-Control");
headers.Remove("Pragma");
headers.Remove("Expires");

This works when debugging in Visual Studio. But on Azure, the headers are only removed for GET requests and not HEAD or POST requests.

Grateful for any suggestions!

Matt Jenkins
  • 2,824
  • 1
  • 30
  • 34
  • I think you're on the right track, but [this answer](http://stackoverflow.com/a/12803974/268066) to another question says you may have to use `Application_BeginRequest` instead of `Application_PreSendRequestHeaders`. It also reenforces that many headers cannot be modified via `` as suggested by @Mark Rendle – CrazyPyro Mar 16 '15 at 17:41
  • possible duplicate of [Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan](http://stackoverflow.com/questions/12803972/removing-hiding-disabling-excessive-http-response-headers-in-azure-iis7-without) – CrazyPyro Mar 16 '15 at 17:43

1 Answers1

1

Azure Web Sites supports the request filtering module, so you can do this in your web.config:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <remove name="Cache-Control" />
      <remove name="Pragma" />
      <remove name="Expires" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Disclaimer: I am not condoning the removal of these headers, which are an essential part of the HTTP protocol.

Removing cache headers says to clients "it is entirely up to you to decide how to cache this response", which may result in odd and hard-to-reproduce errors in production. If you want to disable caching, you should set these headers to values which explicitly disable caching:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Cache-Control" value="no-cache" />
      <add name="Pragma" value="no-cache" />
      <add name="Expires" value="-1" />
    </customHeaders>
  </httpProtocol>
</system.webServer>
Mark Rendle
  • 9,274
  • 1
  • 32
  • 58
  • Thanks, I have just tried. Unfortunately, these headers don't seem to be removed by this technique (applies to both Azure and local development server). The principle is solid as I am already removing the X-Powered-By header this way. I wonder what's going on with these headers?! – Matt Jenkins Feb 21 '14 at 11:08
  • As I say, these are important headers. Why are you looking to remove them rather than setting them to specific values? – Mark Rendle Feb 21 '14 at 11:30
  • The only consumer of this API is a proprietary hardware device that has no concept of caching. So the headers are redundant. – Matt Jenkins Feb 21 '14 at 14:47
  • 1
    Considering pragma: no-cache was never supposed to be a response header and Microsoft stopped recommending its use in [2005](https://support.microsoft.com/en-us/kb/165150) I don't really consider it essential. And Expires: -1 is an invalid header that duplicates what Cache-Control does, it also can be safely removed. I believe. – Darrel Miller Sep 22 '15 at 14:56