ChatGPT解决这个技术问题 Extra ChatGPT

How to prevent favicon.ico requests?

I don't have a favicon.ico, but my browser always makes a request for it.

Is it possible to prevent the browser from making a request for the favicon from my site? Maybe some META-TAG in the HTML header?

+1 good question but it seems like the simplest solution is just to add a valid favicon :-) surely this is a one minute job and your site looks more professional straight away?
You can also have an empty favicon.ico file. This will stop the requests (after the first), but not cause the browser to render a blank favicon where it usually renders whatever its default icon is.
I have to say that I agree with the questioner's implied point completely: for what purpose would something extra be made mandatory? and further, how is it that we cannot simply add some meta data to the response saying "behave exactly as if you requested a favicon.ico and got a 404, only don't actually make the request and further don't ask again until this page changes".
This is such a pain. I have a webservice which only serves JSON and doesn't even have the basic capability of serving files without some changes (for a start, every method requires an auth token to avoid a 401/403). I log failed requests so I can analyse them later - the logs are constantly flooded with requests for a favicon.
It's 2015. Any news about it?

S
Sridhar Ratnakumar

I will first say that having a favicon in a Web page is a good thing (normally).

However it is not always desired and sometime developers need a way to avoid the extra payload. For example an IFRAME would request a favicon without showing it. Worst yet, in Chrome and Android an IFRAME will generate 3 requests for favicons:

"GET /favicon.ico HTTP/1.1" 404 183
"GET /apple-touch-icon-precomposed.png HTTP/1.1" 404 197
"GET /apple-touch-icon.png HTTP/1.1" 404 189

The following uses data URI and can be used to avoid fake favicon requests:

<link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> 

For references see here:

https://github.com/h5bp/html5-boilerplate/issues/1103

https://twitter.com/diegoperini/status/4882543836930048

UPDATE 1:

From the comments (jpic) it looks like Firefox >= 25 doesn't like the above syntax anymore. I tested on Firefox 27 and it doesn't work while it still work on Webkit/Chrome.

So here is the new one that should cover all recent browsers. I tested Safari, Chrome and Firefox:

<link rel="icon" href="data:;base64,=">

I left out the "shortcut" name from the "rel" attribute value since that's only for older IE and versions of IE < 8 doesn't like dataURIs either. Not tested on IE8.

UPDATE 2:

If you need your document to validate against HTML5 use this instead:

<link rel="icon" href="data:;base64,iVBORw0KGgo=">

Your UPDATE 2 had issues on Lollipop...adding <link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgo="> seems to solve the issue.
If I got it right, I can open data:image/png;base64,iVBORw0KGgo= in browser, save it as favicon.ico aka. empty PNG file and store it in website root. Right?
@Alko That empty PNG file is still invalid. If this is just about creating an data URL that describes an empty file, use:
Browsers tend to request the favicon even if there are no references to it in the index.html file, so how would this solution prevent this? Specifically, I have seen Firefox being very aggressive about requesting it as soon as you visit a domain. Other browsers may do it later, maybe after the index file has loaded the header(somebody with more knowledge of the internals of browsers please comment). Not having a favicon has potential side effects, just google it, or: stackoverflow.com/questions/4269695/…
I was using this, but had to tighten up security on my web application. Now, I get this: "Refused to load the image 'data:;base64,=' because it violates the following Content Security Policy directive: "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback." - so this solution (while good) only works with more relaxed security scenarios.
v
vog

Just add the following line to the <head> section of your HTML file:

<link rel="icon" href="data:,">

Features of this solution:

100% valid HTML5

very short

does not incur any quirks from IE 8 and older

does not make the browser interpret the current HTML code as favicon (which would be the case with href="#")


If you're just trying to shut up chrome devtools on a local project, this is by far the easiest and cleanest way to go.
Please expand on this. Do I just need to include this in my HTML file to stop favicon request?
@AakashVerma Yes, that's all. Nothing else is needed. (Unless your site needs to support Internet Explorer 8 or older.) I improved my answer accordingly.
@asynts What do you mean by reserves space?
@leojh What exactly is happening on Safari? Did you find a simple solution that should be added to my answer?
v
vog

I believe I've seen this (I haven't tested it or used it personally though) :

<link rel="shortcut icon" href="#" />

Anyone had similar experience?

EDIT:

I just tested the above snippet and on a forced full refresh, no favicon requests were seen in Fiddler. I tested against IE8 (Compat mode as IE7 standards) and FF 3.6.


I tried in Safari. The favicon request hits the hosting page again.
I wouldn't suggest this, because it makes the browser (Safari5/Mac, maybe others too) to request the webpage from the server twice.
@Manav That is no longer the case in Safari6/Mac.
BOOM THIS! Thanks :D now I won't see that annoying error, until I finally get around to making that icon hehe.
Use about:blank instead
I
Ionuț G. Stan

You can't. All you can do is to make that image as small as possible and set some cache invalidation headers (Expires, Cache-Control) far in the future. Here's what Yahoo! has to say about favicon.ico requests.


He said he doesn't have a favicon. They don't get much smaller than that. And it doesn't make any sense to cache non-existant files.
If he doesn't have a favicon then he should make one, that was my point. There's no better solution than this one. Isn't it logical? If there's no possibility to stop requests, unless you use caching, what do you do?
You turn it off. If you don't want a favicon, and you also don't want error requests in your error logs, then you should turn it off. Why is that so hard to understand?
@BT the server or the browser? :D
The both of them.
V
Vincent-cm

if you use nginx

# skip favicon.ico
#
location = /favicon.ico {
    access_log off;
    return 204;
}

This doesn't prevent the request, but I like it as an alternative.
Sure, if you can control the web server.
P
Parth Patel

The easiest way to block these temporarily for testing purposes is to open up the inspect page in chrome by right-clicking anywhere on the page and clicking inspect or by pressing Ctrl+Shift+j and then going to the networking tab and then reloading the page which will send all the requests your page is supposed to make including that annoying favicon.ico. You can now simply right click the favicon.ico request and click "Block request URL".

https://i.stack.imgur.com/q7NFl.png

All of the above answers are for devs who control the app source code. If you are a sysadmin, who's figuring out load-balancer or proxying configuration and is annoyed by this favicon.ico shenanigans, this simple trick does a better job. This answer is for Chrome, but I think there should be a similar alternative which you would figure out for Firefox/Opera/Tor/any other browser :)


s
safrazik

Put this into your HTML head:

<link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC">

This is a bit larger than the other answers, but does contain an actually valid PNG image (1x1 pixel white).


Also data:image/gif;base64,R0lGODlhAQABAAAAACwAAAAAAQABAAA=
A
Anon1

You can use .htaccess or server directives to deny access to favicon.ico, but the server will send an access denied reply to the browser and this still slows page access.

You can stop the browser requesting favicon.ico when a user returns to your site, by getting it to stay in the browser cache.

First, provide a small favicon.ico image, could be blank, but as small as possible. I made a black and white one under 200 bytes. Then, using .htaccess or server directives, set the file Expires header a month or two in the future. When the same user comes back to your site it will be loaded from the browser cache and no request will go to your site. No more 404's in the server logs too.

If you have control over a complete Apache server or maybe a virtual server you can do this:-

If the server document root is say /var/www/html then add this to /etc/httpd/conf/httpd.conf:-

Alias /favicon.ico "/var/www/html/favicon.ico"
<Directory "/var/www/html">
    <Files favicon.ico>
       ExpiresActive On
       ExpiresDefault "access plus 1 month"
    </Files>
</Directory>

Then a single favicon.ico will work for all the virtual hosted sites since you are aliasing it. It will be drawn from the browser cache for a month after the users visit.

For .htaccess this is reported to work (not checked by me):-

AddType image/x-icon .ico
ExpiresActive On
ExpiresByType image/x-icon "access plus 1 month"

Don't forget to enable the module: ~ /etc/apache2 # a2enmod expires && service apache2 restart
M
Marcio Mazzucato

A very simple solution is put the below code in your .htaccess. I had the same issue and it solve my problem.

<IfModule mod_alias.c>
    RedirectMatch 403 favicon.ico
</IfModule>

Reference: http://perishablepress.com/block-favicon-url-404-requests/


The article linked to from here is very good, but I believe the syntax in the response is incorrect.
V
Visv M

In Node.js,

res.writeHead(200, {'Content-Type': 'text/plain', 'Link': 'rel="shortcut icon" href="#"'} );

can you elaborate? Where in node?
A
Azrail

Personally I used this in my HTML head tag:

<link rel="shortcut icon" href="#" />

I
Israel Manzi

Just make it simple with :

<link rel="shortcut icon" href="#" type="image/x-icon">

It displays nothing!!!!


P
Petruza

Elaborating on previous answers, this might be the shortest solution from the HTML file itself:
<link rel="shortcut icon" href="data:" />

Tested working, no error messages or failed requests on Chrome Version 94.0.4606.81


p
pbaranski

I need prevent request AND have icon displayed i.e. in Chrome.

Quick code to try in <head>:

    <link rel="icon" type="image/png" sizes="16x16" href="data:image/png;base64,
    iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEU0OkArMjhobHEoPUPFEBIu
    O0L+AAC2FBZ2JyuNICOfGx7xAwTjCAlCNTvVDA1aLzQ3COjMAAAAVUlEQVQI12NgwAaCDSA0888G
    CItjn0szWGBJTVoGSCjWs8TleQCQYV95evdxkFT8Kpe0PLDi5WfKd4LUsN5zS1sKFolt8bwAZrCa
    GqNYJAgFDEpQAAAzmxafI4vZWwAAAABJRU5ErkJggg==" />

As cool as this is it adds unneeded clutter to your code. Israel Manzi example is likely best
@JSON I'm a tester and sometimes I need to prototype very fast to get proper results. That's why I posted this solution and someone already liked this answer - this is perpouse of SO to give people choices and they can choose what suits best their problems. SO is for downvotes to, so thanks for the feedback!
J
J. Declan Young

In our experience, with Apache falling over on request of favicon.ico, we commented out extra headers in the .htaccess file.

For example we had Header set X-XSS-Protection "1; mode=block"

... but we had forgotten to sudo a2enmod headers beforehand. Commenting out extra headers being sent resolved our favicon.ico issue.

We also had several virtual hosts set up for development, and only failed out with 500 Internal Server Error when using http://localhost and fetching /favicon.ico. If you run "curl -v http://localhost/favicon.ico" and get a warning about the host name not being in the resolver cache or something to that effect, you might experience problems.

It could be as simple as not fetching (we tried that and it didn't work, because our root cause was different) or look around for directives in apache2.conf or .htaccess which might be causing strange 500 Internal Server Error messages.

We found it failed so quickly there was nothing useful in Apache's error logs whatsoever and spent an entire morning changing small things here and there until we resolved the problem of setting extra headers when we had forgotten to have mod_headers loaded!


o
ohsoifelse

Sometimes this error comes, when HTML has some commented code and browser is trying to look for something. Like in my case I had commented code for a web form in flask and I was getting this.

After spending 2 hours I fixed it in the following ways:

1) I created a new python environment and then it threw an error on the commented HTML line, before this I was only thrown error 'GET /favicon.ico HTTP/1.1" 404'

2) Sometimes, when I had a duplicate code, like python file existing with the same name, then also I saw this error, try removing those too


A
AnandShiva

If you are not using HTML and it's auto-generated by Flask or some frameworks you can always add a dummy route in the app to just return dummy text to fix this issue.

Or . . . you can just add the favicon :)

Eg for Python Flask Application.

@app.route('/favicon.ico')
def favicon():
    return 'dummy', 200

r
rora

I solved this problem by using the Content-Security-Policy HTTP response header. By using this, is possible to block the browser from making further media queries like images (other types are also possible). I added the following header to the response:

Content-Security-Policy: img-src 'none'

The problem is it will block ALL image queries. If your HTML has any image, they won't be loaded. In my case it was very likely a bug in Firefox because the browser was requesting the favicon.ico for a response whose Content-type is text/xml!

It also depends on the browser implementing this feature as is enforced on the client side.

Check https://content-security-policy.com for a complete guide on CSP.

Cheers!


j
josh

You could use

<link rel="shortcut icon" href="http://localhost/" />

That way it won't actually be requested from the server.


That seems like it may cause some browsers to throw scary error messages - also you'll have to watch out for using that trick on pages that might be served over HTTPS.
Using about:blank is better.