How to prevent favicon.ico requests?

Asked 24/8, 2009 at 11:37 Answered 20/4, 2022 at 9:50

816

I don't have a favicon.ico, but my browser always makes a request for it.

Is it possible to prevent the browser from making a request for the favicon from my site? Maybe some META-TAG in the HTML header?

Sexless answered 24/8, 2009 at 11:37 Comment(6)

You can also have an empty favicon.ico file. This will stop the requests (after the first), but not cause the browser to render a blank favicon where it usually renders whatever its default icon is. – Forbore 2/2, 2012 at 14:3

I have to say that I agree with the questioner's implied point completely: for what purpose would something extra be made mandatory? and further, how is it that we cannot simply add some meta data to the response saying "behave exactly as if you requested a favicon.ico and got a 404, only don't actually make the request and further don't ask again until this page changes". – Oosperm 19/4, 2012 at 23:36

This is such a pain. I have a webservice which only serves JSON and doesn't even have the basic capability of serving files without some changes (for a start, every method requires an auth token to avoid a 401/403). I log failed requests so I can analyse them later - the logs are constantly flooded with requests for a favicon. – Toner 29/7, 2013 at 13:53

how would you justify adding a favicon.ico file to your REST APIs? – Lynch 27/3, 2014 at 0:24

This is a legit question if you need to create a page with really locked-down CSP settings. It's absurd to open up an img-src, or spam your error logs, just for an unnecessary favicon – Destructionist 6/2, 2020 at 21:36

Similar to @Basic, I have no HTML. I have a flask app that just returns JSON responses, running via a Cloudflare tunnel which is serving the app with Gunicorn. I don't want these requests to happen at all and I don't want a favicon. I'm fairly new to using Cloudflare so I assume there's some way to block the request, but I'd really just rather have the request never get sent. Is there some header I should set to tell the browser not to make the request in the first place? – Palaearctic 6/4, 2022 at 21:35

758

I will first say that having a favicon in a Web page is a good thing (normally).

However it is not always desired and sometime developers need a way to avoid the extra payload. For example an IFRAME would request a favicon without showing it. Worst yet, in Chrome and Android an IFRAME will generate 3 requests for favicons:

"GET /favicon.ico HTTP/1.1" 404 183
"GET /apple-touch-icon-precomposed.png HTTP/1.1" 404 197
"GET /apple-touch-icon.png HTTP/1.1" 404 189

The following uses data URI and can be used to avoid fake favicon requests:

<link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">

For references see here:

UPDATE 1:

From the comments (jpic) it looks like Firefox >= 25 doesn't like the above syntax anymore. I tested on Firefox 27 and it doesn't work while it still work on Webkit/Chrome.

So here is the new one that should cover all recent browsers. I tested Safari, Chrome and Firefox:

<link rel="icon" href="data:;base64,=">

I left out the "shortcut" name from the "rel" attribute value since that's only for older IE and versions of IE < 8 doesn't like dataURIs either. Not tested on IE8.

UPDATE 2:

If you need your document to validate against HTML5 use this instead:

<link rel="icon" href="data:;base64,iVBORw0KGgo=">

Nonpros answered 16/11, 2012 at 12:41 Comment(11)

Brilliant. I have to guess the fact that you've gotten so few votes has to do only with the fact that several years have elapsed since the question was asked, and less clever answers had more time to gather votes. – Utimer 28/2, 2013 at 14:58

Your UPDATE 2 had issues on Lollipop...adding <link rel="icon" type="image/png" href="data:image/png;base64,iVBORw0KGgo="> seems to solve the issue. – Galenical 14/7, 2015 at 8:41

If I got it right, I can open data:image/png;base64,iVBORw0KGgo= in browser, save it as favicon.ico aka. empty PNG file and store it in website root. Right? – Disulfide 30/6, 2016 at 15:4

@Galenical That empty PNG file is still invalid. If this is just about creating an data URL that describes an empty file, use: <link rel="icon" href="data:,"> – Tripping 12/8, 2016 at 12:20

Browsers tend to request the favicon even if there are no references to it in the index.html file, so how would this solution prevent this? Specifically, I have seen Firefox being very aggressive about requesting it as soon as you visit a domain. Other browsers may do it later, maybe after the index file has loaded the header(somebody with more knowledge of the internals of browsers please comment). Not having a favicon has potential side effects, just google it, or: #4270195 – Felsite 22/12, 2016 at 18:53

I was using this, but had to tighten up security on my web application. Now, I get this: "Refused to load the image 'data:;base64,=' because it violates the following Content Security Policy directive: "default-src 'self' https: 'unsafe-eval' 'unsafe-inline'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback." - so this solution (while good) only works with more relaxed security scenarios. – Epochal 21/2, 2018 at 11:55

debug your app in chrome first then you can back to mozilla – Maddi 21/9, 2019 at 8:51

what about <link rel="icon" href="#"> suggested by @azrail? https://mcmap.net/q/53759/-how-to-prevent-favicon-ico-requests – Dull 14/2, 2022 at 0:25

The original solution (<link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon">) worked for me (firefox 96). – Overarch 12/3, 2022 at 14:3

@KevinTeljeur why not add directive img-src 'self' data: to the policy – Allmon 6/6, 2022 at 15:24

Tried both of your updated versions and they don't seem to work in Safari 16.3 – Leastways 8/3, 2023 at 22:35

283

Just add the following line to the <head> section of your HTML file:

<link rel="icon" href="data:,">

Features of this solution:

100% valid HTML5
very short
does not incur any quirks from IE 8 and older
does not make the browser interpret the current HTML code as favicon (which would be the case with href="#")

Downside of this solution:

Doesn't work for Safari (improvement proposals in the comments are welcome)

Tripping answered 12/8, 2016 at 12:22 Comment(2)

If you're just trying to shut up chrome devtools on a local project, this is by far the easiest and cleanest way to go. – Dangerous 12/7, 2017 at 3:18

@Dangerous What is the problem that Chrome DevTools have with this solution? – Grieco 22/10, 2019 at 7:39

You can use the following HTML in your <head> element:

<link rel="shortcut icon" href="#" />

I tested this on a forced full refresh, and no favicon requests were seen in Fiddler. (tested against IE8 in compat mode as IE7 standards, and FF 3.6)

Note: this may download the html file twice, so while it works in hiding the error, it comes with a cost.

Links answered 14/1, 2011 at 14:16 Comment(10)

my tests also indicate that this trick works. However, I'd have the href link to some static (cached) resource that you've already loaded (e.g. css or script file) - to ensure that a dynamic (non-cached) page doesn't get requested twice. (Just to be safe since href="#" technically points to the current web page). – Analemma 15/3, 2011 at 23:32

This doesn't help if the requests are coming externally or from a page outside one's control. – Leer 1/4, 2011 at 9:38

@Leer - what do you mean? Like if someone is requesting the favicon directly? Or do you mean if the html source is not able to be edited? – Links 19/4, 2011 at 12:40

If a browser is automatically requesting the favicon, there's no way on the client or server side to stop it from originating the request. All you can do is decide what to do with the request. – Leer 25/4, 2011 at 22:19

I tried in Safari. The favicon request hits the hosting page again. – Causey 16/5, 2011 at 10:21

I wouldn't suggest this, because it makes the browser (Safari5/Mac, maybe others too) to request the webpage from the server twice. – Gilt 18/7, 2011 at 18:5

@Gilt That is no longer the case in Safari6/Mac. – Autocephalous 13/2, 2013 at 5:44

Use about:blank instead – Against 25/9, 2017 at 9:22

Also it will send request twice in Chromium 89, FireFox 85, it seems worst – Reeher 4/12, 2020 at 0:24

What this snippet does is trying to load the html page itself as a favicon It won't display an icon, but the page itself is requested twice (unless it's cached) – Kerril 18/10, 2021 at 4:41

You can't. All you can do is to make that image as small as possible and set some cache invalidation headers (Expires, Cache-Control) far in the future. Here's what Yahoo! has to say about favicon.ico requests.

Supercharger answered 24/8, 2009 at 11:39 Comment(6)

He said he doesn't have a favicon. They don't get much smaller than that. And it doesn't make any sense to cache non-existant files. – Hasan 24/8, 2009 at 12:7

If he doesn't have a favicon then he should make one, that was my point. There's no better solution than this one. Isn't it logical? If there's no possibility to stop requests, unless you use caching, what do you do? – Ming 24/8, 2009 at 12:40

You turn it off. If you don't want a favicon, and you also don't want error requests in your error logs, then you should turn it off. Why is that so hard to understand? – Filberto 3/7, 2020 at 16:51

@BT the server or the browser? :D – Ming 4/7, 2020 at 17:2

The both of them. – Filberto 8/7, 2020 at 18:2

There can be a good reason to not make a favicon. In my case, I'm trying to update the 401 page to not request the favicon, since that request will also be unauthenticated and have an error. – Olvan 12/11, 2020 at 18:6

if you use nginx

# skip favicon.ico
#
location = /favicon.ico {
    access_log off;
    return 204;
}

Opportunist answered 17/3, 2018 at 19:9 Comment(2)

This doesn't prevent the request, but I like it as an alternative. – Denham 23/4, 2018 at 21:15

Sure, if you can control the web server. – Ashlan 9/5, 2019 at 21:19

The easiest way to block these temporarily for testing purposes is to open up the inspect page in chrome by right-clicking anywhere on the page and clicking inspect or by pressing Ctrl+Shift+j and then going to the networking tab and then reloading the page which will send all the requests your page is supposed to make including that annoying favicon.ico. You can now simply right click the favicon.ico request and click "Block request URL".

All of the above answers are for devs who control the app source code. If you are a sysadmin, who's figuring out load-balancer or proxying configuration and is annoyed by this favicon.ico shenanigans, this simple trick does a better job. This answer is for Chrome, but I think there should be a similar alternative which you would figure out for Firefox/Opera/Tor/any other browser :)

Helpful answered 8/2, 2021 at 21:27 Comment(1)

This does not solve the original question. OP is having issue with regular browsing sessions. – Sabatier 20/11, 2023 at 8:53

Put this into your HTML head:

<link rel="icon" href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAIAAACQd1PeAAAADElEQVQI12P4//8/AAX+Av7czFnnAAAAAElFTkSuQmCC">

This is a bit larger than the other answers, but does contain an actually valid PNG image (1x1 pixel white).

Hortense answered 25/3, 2021 at 12:59 Comment(2)

Also data:image/gif;base64,R0lGODlhAQABAAAAACwAAAAAAQABAAA= – Reeher 27/9, 2021 at 23:39

Perhaps a little larger, but man does it work! Thanks! I am dabbling with serverless as well, this will cut down on my function calls by 50%. – Ahem 7/9, 2023 at 23:6

You can use .htaccess or server directives to deny access to favicon.ico, but the server will send an access denied reply to the browser and this still slows page access.

You can stop the browser requesting favicon.ico when a user returns to your site, by getting it to stay in the browser cache.

First, provide a small favicon.ico image, could be blank, but as small as possible. I made a black and white one under 200 bytes. Then, using .htaccess or server directives, set the file Expires header a month or two in the future. When the same user comes back to your site it will be loaded from the browser cache and no request will go to your site. No more 404's in the server logs too.

If you have control over a complete Apache server or maybe a virtual server you can do this:-

If the server document root is say /var/www/html then add this to /etc/httpd/conf/httpd.conf:-

Alias /favicon.ico "/var/www/html/favicon.ico"
<Directory "/var/www/html">
    <Files favicon.ico>
       ExpiresActive On
       ExpiresDefault "access plus 1 month"
    </Files>
</Directory>

Then a single favicon.ico will work for all the virtual hosted sites since you are aliasing it. It will be drawn from the browser cache for a month after the users visit.

For .htaccess this is reported to work (not checked by me):-

AddType image/x-icon .ico
ExpiresActive On
ExpiresByType image/x-icon "access plus 1 month"

Munniks answered 9/7, 2011 at 19:12 Comment(1)

Don't forget to enable the module: ~ /etc/apache2 # a2enmod expires && service apache2 restart – Provisional 8/1, 2017 at 20:31

A very simple solution is put the below code in your .htaccess. I had the same issue and it solve my problem.

<IfModule mod_alias.c>
    RedirectMatch 403 favicon.ico
</IfModule>

Reference: http://perishablepress.com/block-favicon-url-404-requests/

Mclean answered 12/11, 2013 at 15:32 Comment(2)

The article linked to from here is very good, but I believe the syntax in the response is incorrect. – Ingmar 15/1, 2016 at 20:7

So you get a 403 error (Forbidden) instead of a 404. How is that better? – Quiet 3/11, 2022 at 18:51

Elaborating on previous answers, this might be the shortest solution from the HTML file itself:
<link rel="shortcut icon" href="data:" />

Tested working, no error messages or failed requests on Chrome Version 94.0.4606.81

Kerril answered 18/10, 2021 at 4:53 Comment(0)

Just make it simple with :

<link rel="shortcut icon" href="#" type="image/x-icon">

It displays nothing!!!!

Myca answered 20/4, 2022 at 9:50 Comment(0)

In Node.js,

res.writeHead(200, {'Content-Type': 'text/plain', 'Link': 'rel="shortcut icon" href="#"'} );

Elissaelita answered 8/12, 2019 at 18:57 Comment(3)

can you elaborate? Where in node? – Starflower 11/9, 2020 at 16:0

@johnktejik This is making the Node server send an HTTP Header. This res object is the response, so anytime you send a new page, a new response to the user, you put your headers first, usually. – Elementary 28/7, 2022 at 10:36

No, it would not work. Tested already with Firefox. – Endorsee 28/3, 2023 at 17:45

I need prevent request AND have icon displayed i.e. in Chrome.

Quick code to try in <head>:

    <link rel="icon" type="image/png" sizes="16x16" href="data:image/png;base64,
    iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEU0OkArMjhobHEoPUPFEBIu
    O0L+AAC2FBZ2JyuNICOfGx7xAwTjCAlCNTvVDA1aLzQ3COjMAAAAVUlEQVQI12NgwAaCDSA0888G
    CItjn0szWGBJTVoGSCjWs8TleQCQYV95evdxkFT8Kpe0PLDi5WfKd4LUsN5zS1sKFolt8bwAZrCa
    GqNYJAgFDEpQAAAzmxafI4vZWwAAAABJRU5ErkJggg==" />

Effect:

Full example:

<!DOCTYPE html>
<html>
<head>
    <title><- this icon</title>
    <link rel="icon" type="image/png" sizes="16x16" href="data:image/png;base64,
        iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEU0OkArMjhobHEoPUPFEBIu
        O0L+AAC2FBZ2JyuNICOfGx7xAwTjCAlCNTvVDA1aLzQ3COjMAAAAVUlEQVQI12NgwAaCDSA0888G
        CItjn0szWGBJTVoGSCjWs8TleQCQYV95evdxkFT8Kpe0PLDi5WfKd4LUsN5zS1sKFolt8bwAZrCa
        GqNYJAgFDEpQAAAzmxafI4vZWwAAAABJRU5ErkJggg==" />
</head>
<body>
    
    <h1>Check tab icon</h1>
    
</body>
</html>

Sallust answered 5/2, 2022 at 5:42 Comment(2)

How does this differ from #1322378 from a year prior? – Poppo 4/8, 2023 at 13:40

@Poppo attributes and visible size I think. Will add some content to make it stand off :D – Sallust 8/8, 2023 at 4:58

In our experience, with Apache falling over on request of favicon.ico, we commented out extra headers in the .htaccess file.

For example we had Header set X-XSS-Protection "1; mode=block"

... but we had forgotten to sudo a2enmod headers beforehand. Commenting out extra headers being sent resolved our favicon.ico issue.

We also had several virtual hosts set up for development, and only failed out with 500 Internal Server Error when using http://localhost and fetching /favicon.ico. If you run curl -v http://localhost/favicon.ico and get a warning about the host name not being in the resolver cache or something to that effect, you might experience problems.

It could be as simple as not fetching (we tried that and it didn't work, because our root cause was different) or look around for directives in apache2.conf or .htaccess which might be causing strange 500 Internal Server Error messages.

We found it failed so quickly there was nothing useful in Apache's error logs whatsoever and spent an entire morning changing small things here and there until we resolved the problem of setting extra headers when we had forgotten to have mod_headers loaded!

Leverett answered 1/8, 2016 at 4:19 Comment(0)

-1

Sometimes this error comes, when HTML has some commented code and browser is trying to look for something. Like in my case I had commented code for a web form in flask and I was getting this.

After spending 2 hours I fixed it in the following ways:

1) I created a new python environment and then it threw an error on the commented HTML line, before this I was only thrown error 'GET /favicon.ico HTTP/1.1" 404'

2) Sometimes, when I had a duplicate code, like python file existing with the same name, then also I saw this error, try removing those too

Smudge answered 26/6, 2019 at 18:50 Comment(0)

-2

If you are not using HTML and it's auto-generated by Flask or some frameworks you can always add a dummy route in the app to just return dummy text to fix this issue.

Or . . . you can just add the favicon :)

Eg for Python Flask Application.

@app.route('/favicon.ico')
def favicon():
    return 'dummy', 200

Sidras answered 24/10, 2021 at 20:45 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags