ETag is a server response header that lets browsers make conditional requests and validate cached content efficiently. On the other hand, it poses a security risk if your code leaks it, and can lead to a cache poisoning attack on your website.
Make sure you disable Entity Tags on your web server if you’re running Tor hidden services, otherwise you could be de-anonymized.
Nginx (in nginx.conf):
http {
    etag off;
}
Apache (in .htaccess):
<IfModule mod_headers.c>
    Header unset ETag
</IfModule>
FileETag None
Searching for a specific ETag value on Shodan/Censys will expose the real host in case of misconfiguration (that is, if the web server accepts clearnet connections in addition to Tor ones).
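As an added check that is not part of the original post, the Python below parses raw response headers from the onion and clearnet endpoints, the way `curl -I` returns them, and reports whether a correlatable ETag is still present after the configuration change; the two sample responses are constructed, and the header names and values in them are illustrative.

```python
# Added example, not part of the original post: verify that the onion and
# clearnet endpoints of one web server no longer expose a correlatable ETag.
# The raw responses below are constructed samples standing in for what
# `curl -I` returns from each endpoint.
from typing import Dict, Optional

def parse_headers(raw_response: bytes) -> Dict[str, str]:
    """Parse a raw HTTP/1.1 response head into a dict keyed by lower-cased name."""
    head = raw_response.split(b"\r\n\r\n", 1)[0]
    headers: Dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(b":")
        if sep:
            key = name.strip().lower().decode("latin-1")
            headers[key] = value.strip().decode("latin-1")
    return headers

def etag_of(raw_response: bytes) -> Optional[str]:
    """Return the ETag value, or None if absent. The W/ prefix that nginx adds
    to gzipped responses is dropped: the underlying value still correlates."""
    value = parse_headers(raw_response).get("etag")
    if value is None:
        return None
    return value[2:] if value.startswith("W/") else value

def correlation_risk(onion_response: bytes, clearnet_response: bytes) -> str:
    """Classify one onion/clearnet response pair.
    'leak': both sides send the same ETag. Default ETags derive from file
            metadata, so every vhost serving the same file emits the same
            value and a Shodan/Censys search for it surfaces the clearnet host.
    'etag': at least one side still sends an ETag (config not applied
            everywhere), though the values differ.
    'ok'  : neither side sends an ETag."""
    onion, clear = etag_of(onion_response), etag_of(clearnet_response)
    if onion is None and clear is None:
        return "ok"
    if onion is not None and onion == clear:
        return "leak"
    return "etag"

# Constructed samples: the same default ETag before `etag off;`, none after.
BEFORE_ONION = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"
                b'ETag: "5f1e3c2a-1234"\r\nContent-Type: text/html\r\n\r\n')
BEFORE_CLEAR = (b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Encoding: gzip\r\n"
                b'etag: W/"5f1e3c2a-1234"\r\nContent-Type: text/html\r\n\r\n')
AFTER = b"HTTP/1.1 200 OK\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n"

if __name__ == "__main__":
    print(correlation_risk(BEFORE_ONION, BEFORE_CLEAR), correlation_risk(AFTER, AFTER))  # leak ok
```

Run it against the real header blocks of both endpoints after reloading the server; anything other than `ok` means the ETag directive has not taken effect on every vhost that serves the site.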