Etag - An unique identifier for a HTTP resource

About

ETag (Entityt Tag) is a HTTP response header that stores an identifier value for a specific version of the body (ie resource).

A etag comparison should determine whether two representations of a resource are the same and is therefore similar to a hash digest.

Usage

Cache Validation

Used in a conditional request as validator to see if a resource has changed (such as the browser cache is stale and a new resource should be downloaded)

Tracking

An etag can be misused as fingerprints allowing user tracking

For example:

  • Phase 1:
    • A site construct a etag value that is unique to the user or user agent,
    • send it in a cacheable response with a long freshness time,
  • Phase 2:
    • For each page view, the browser would then send the the etag along a conditional get
    • The server would then re-identify the user or user agent through the Etag value

This identification would persist:

  • as long as the user agent retained the original cache entry
  • or the user performs privacy-maintaining actions, such as:
    • clearing stored cookies
    • or changing to a private browsing mode.

Syntax

In BNF: 

ETag := ['W/'] '"' 'etag'? '"';

RailRoad: 

ETag := ['W/'] '"' 'etag'? '"';

where:

  • W is optional and if set means that the etag value is weak and may not changed if the resource changes.
  • etag is an optional string generally a message digest for files (and mostly md5)

Example

ETag: "xyzzy"
ETag: W/"xyzzy"
ETag: ""

Documentation / Reference




Discover More
Card Puncher Data Processing
Azure - Blob (files of any format)

This page is Blob in Azure. They are stored in their azure storage file system. The storage service offers three types of blobs: block blobs, append blobs, and page blobs. You specify...
HTTP - Cache (Cache-Control Header, Bursting, )

When sending a response, several headers have an influence / control over the cache store, we call them cache control headers The cache control header are: Name Description Cache-Control Define properties...
HTTP - if-none-match Header

if-none-match is one of the conditional request header that permits to verify the freshness of the cache in a condition get request. As specified in a conditional get request, when a server gets a request...
Browser
Web - Browser Fingerprinting

A digital fingerprint is a string that represents a unique id of a device (browser). The more unique is the browser, the more it has a one on one relationship with a user. A digital fingerprint may...
What contains the HTTP Last-Modified header

The Last-Modified header is part of a conditional get request in order to get a resource if and only it has changed since the last fetch
What is a cache validation (conditional HTTP GET request) ?

A cache validation known as a conditional HTTP GET request asks the server if a resource has been modified
What is an HTTP cache Validator ?

What is an HTTP validator value and what is used for in HTTP
What's a resource in HTTP

A resource in HTTP is encapsulated in request and has several way to be defined, this article shows you the most important information



Share this page:
Follow us:
Task Runner