HTTP - Etag response header (Entity Tag)


ETag (Entity Tag) is an HTTP response header that stores an identifier value for a specific version of the body (i.e. the resource).

An ETag comparison should determine whether two representations of a resource are the same; an ETag is therefore similar to a hash digest.


Cache Validation

An ETag is used as a validator in a conditional request to see whether a resource has changed (for example, when the browser cache is stale and a new version of the resource should be downloaded).


An ETag can be misused as a fingerprint, allowing user tracking.

For example:

  • Phase 1:
    • A site constructs an ETag value that is unique to the user or user agent,
    • and sends it in a cacheable response with a long freshness time.
  • Phase 2:
    • For each page view, the browser would then send the ETag along with a conditional GET.
    • The server would then re-identify the user or user agent through the ETag value.

This identification would persist:

  • as long as the user agent retains the original cache entry,
  • or until the user performs privacy-maintaining actions that make the user agent clear or replace its cache, such as:
    • clearing stored cookies
    • or changing to a private browsing mode.
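A defender can look for this pattern by fetching the same URLs from several clean client profiles and comparing the validators. The following is an added example, not code from the original page: the observation format, the function names, the sample data and the one-day `max-age` threshold are all assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# entity-tag: optional W/ prefix, then a double-quoted opaque string
ETAG_RE = re.compile(r'^(W/)?"([^"]*)"$')
MAX_AGE_RE = re.compile(r"max-age=(\d+)")

def parse_etag(value):
    """Return (is_weak, opaque_tag), or None when the header value is malformed."""
    m = ETAG_RE.match(value.strip())
    return (m.group(1) is not None, m.group(2)) if m else None

def suspicious_etags(observations, min_max_age=86400):
    """Return URLs that served identical bytes under different ETags with a long max-age.

    Each observation is one response seen by one independent client profile.
    """
    tags = defaultdict(set)  # (url, body digest) -> opaque tags seen
    for o in observations:
        parsed = parse_etag(o["etag"])
        age = MAX_AGE_RE.search(o.get("cache_control", ""))
        if parsed is None or age is None or int(age.group(1)) < min_max_age:
            continue  # malformed tag or short-lived entry: poor persistent identifier
        digest = hashlib.sha256(o["body"]).hexdigest()
        tags[(o["url"], digest)].add(parsed[1])
    # Same bytes, several validators: the tag is not derived from the content.
    return sorted({url for (url, _), seen in tags.items() if len(seen) > 1})

# Constructed sample: two fresh client profiles (A, B) fetching the same three URLs.
SAMPLE = [
    {"client": "A", "url": "/logo.png", "etag": '"5d41402a"',
     "cache_control": "max-age=604800", "body": b"logo-bytes"},
    {"client": "B", "url": "/logo.png", "etag": '"5d41402a"',
     "cache_control": "max-age=604800", "body": b"logo-bytes"},
    {"client": "A", "url": "/pixel.gif", "etag": '"u-8f14e45f"',
     "cache_control": "private, max-age=31536000", "body": b"GIF89a"},
    {"client": "B", "url": "/pixel.gif", "etag": '"u-c9f0f895"',
     "cache_control": "private, max-age=31536000", "body": b"GIF89a"},
    {"client": "A", "url": "/home", "etag": 'W/"a1"',
     "cache_control": "max-age=604800", "body": b"hello A"},
    {"client": "B", "url": "/home", "etag": 'W/"b2"',
     "cache_control": "max-age=604800", "body": b"hello B"},
]

if __name__ == "__main__":
    print(suspicious_etags(SAMPLE))
```

Servers that derive ETags from file metadata such as inode or modification time can also return different tags for identical bytes across backends, so a hit is a lead to investigate rather than proof of tracking.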



ETag := ['W/'] '"' 'etag'? '"';



  • W/ is optional; if set, it means that the ETag value is weak and may not change if the resource changes.
  • etag is an optional string, generally a message digest for files (and mostly MD5).


ETag: "xyzzy"
ETag: W/"xyzzy"
ETag: ""
