These directives won't mitigate any safety threat. These are really meant to drive UA's to refresh volatile info, not keep UA's from remaining retaining data. Even though you are applying nocache, the ETag header is just not eliminated, as it is effective in a special way. It is really generated https://bookmarkick.com/story21027529/top-%E4%BB%AE%E6%83%B3%E9%80%9A%E8%B2%A8-%E3%82%AB%E3%82%B8%E3%83%8E-secrets