Remove cache HTTP response headers from Web Api in Azure

Question

I am trying to remove unwanted Cache-Control, Pragma and Expires HTTP headers in responses from a Web Api 2 project hosted on an Azure website in Standard mode.

I have tried the following in Global.asax Application_PreSendRequestHeaders:

var headers = ((HttpApplication)sender).Context.Response.Headers;
headers.Remove("Cache-Control");
headers.Remove("Pragma");
headers.Remove("Expires");

This works when debugging in Visual Studio. But on Azure, the headers are only removed for GET requests and not HEAD or POST requests.

Grateful for any suggestions!

I think you're on the right track, but this answer to another question says you may have to use Application_BeginRequest instead of Application_PreSendRequestHeaders. It also reenforces that many headers cannot be modified via <customHeaders> as suggested by @Mark Rendle — CrazyPyro
– CrazyPyro, Commented Mar 16, 2015 at 17:41
possible duplicate of Removing/Hiding/Disabling excessive HTTP response headers in Azure/IIS7 without UrlScan — CrazyPyro
– CrazyPyro, Commented Mar 16, 2015 at 17:43

Mark Rendle · Accepted Answer · 2014-02-20 13:40:06Z

1

Azure Web Sites supports the request filtering module, so you can do this in your web.config:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <remove name="Cache-Control" />
      <remove name="Pragma" />
      <remove name="Expires" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

Disclaimer: I am not condoning the removal of these headers, which are an essential part of the HTTP protocol.

Removing cache headers says to clients "it is entirely up to you to decide how to cache this response", which may result in odd and hard-to-reproduce errors in production. If you want to disable caching, you should set these headers to values which explicitly disable caching:

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Cache-Control" value="no-cache" />
      <add name="Pragma" value="no-cache" />
      <add name="Expires" value="-1" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

answered Feb 20, 2014 at 13:40

Mark Rendle

9,4711 gold badge34 silver badges59 bronze badges

Sign up to request clarification or add additional context in comments.

4 Comments

Matt Jenkins Over a year ago

Thanks, I have just tried. Unfortunately, these headers don't seem to be removed by this technique (applies to both Azure and local development server). The principle is solid as I am already removing the X-Powered-By header this way. I wonder what's going on with these headers?!

Mark Rendle Over a year ago

As I say, these are important headers. Why are you looking to remove them rather than setting them to specific values?

Matt Jenkins Over a year ago

The only consumer of this API is a proprietary hardware device that has no concept of caching. So the headers are redundant.

Darrel Miller Over a year ago

Considering pragma: no-cache was never supposed to be a response header and Microsoft stopped recommending its use in 2005 I don't really consider it essential. And Expires: -1 is an invalid header that duplicates what Cache-Control does, it also can be safely removed. I believe.

Collectives™ on Stack Overflow

Remove cache HTTP response headers from Web Api in Azure

1 Answer 1

4 Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

4 Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related