HTTP - ETag response header (Entity Tag)

About

ETag (Entity Tag) is an HTTP response header that stores an identifier value for a specific version of the body (i.e. the resource).

An ETag comparison should determine whether two representations of a resource are the same; an ETag is therefore similar to a hash digest.

Usage

Cache Validation

An ETag is used as a validator in a conditional request to check whether a resource has changed (for example, whether the browser's cached copy is stale and a new copy should be downloaded).

Tracking

An ETag can be misused as a fingerprint that allows user tracking.

For example:

  • Phase 1:
    • A site constructs an ETag value that is unique to the user or user agent,
    • and sends it in a cacheable response with a long freshness time.
  • Phase 2:
    • For each page view, the browser then sends the ETag along with a conditional GET.
    • The server then re-identifies the user or user agent through the ETag value.

This identification would persist as long as the user agent retained the original cache entry. A user agent that caches responses therefore ought to clear or replace that cache whenever the user performs privacy-maintaining actions, such as:

  • clearing stored cookies
  • or changing to a private browsing mode.
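
A way to audit a site for the tracking pattern described above, as an added example that is not part of the original page: fetch the same URLs from several clean browser profiles and flag resources whose body is byte-identical but whose ETag differs for every profile. The function names, profile labels, URLs and ETag values are assumptions constructed for the example.

```python
import hashlib
import re
from collections import defaultdict

# ETag := ['W/'] '"' etag? '"'   (the syntax given on this page)
ETAG_RE = re.compile(r'^(W/)?"([^"]*)"$')

def parse_etag(header_value):
    """Return (is_weak, opaque_value), or None if the value is malformed."""
    m = ETAG_RE.match(header_value.strip())
    return (m.group(1) is not None, m.group(2)) if m else None

def find_per_client_etags(observations):
    """Flag URLs where byte-identical bodies carry a different ETag per client.

    observations: iterable of (client, url, etag_header, body_bytes).
    Returns {url: {client: opaque_value}} for suspicious URLs only.
    """
    by_content = defaultdict(dict)  # (url, body digest) -> {client: etag value}
    for client, url, etag_header, body in observations:
        parsed = parse_etag(etag_header)
        if parsed is None:
            continue  # malformed header: not comparable, skipped here
        digest = hashlib.sha256(body).hexdigest()
        by_content[(url, digest)][client] = parsed[1]
    suspicious = {}
    for (url, _digest), tags in by_content.items():
        # A content-derived validator is the same for every client that
        # received the same bytes; one distinct value per client is not.
        if len(tags) > 1 and len(set(tags.values())) == len(tags):
            suspicious[url] = dict(tags)
    return suspicious

# Constructed sample: three clean profiles fetching the same two resources.
CSS = b"body{margin:0}"
PIXEL = b"GIF89a\x01\x00\x01\x00"
SAMPLE = [
    ("profile-a", "https://site.example/app.css", '"5f2b7c"', CSS),
    ("profile-b", "https://site.example/app.css", '"5f2b7c"', CSS),
    ("profile-a", "https://site.example/pixel.gif", '"u-83c1d0aa"', PIXEL),
    ("profile-b", "https://site.example/pixel.gif", '"u-19f4e7b2"', PIXEL),
    ("profile-c", "https://site.example/pixel.gif", 'W/"u-77ab0c35"', PIXEL),
]

if __name__ == "__main__":
    for url, tags in find_per_client_etags(SAMPLE).items():
        print(url, tags)
```

A hit is a lead rather than proof: servers behind a load balancer can also emit different validators for the same bytes, so confirm by checking whether the value stays stable for one profile across requests.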

Syntax

In BNF:

ETag := ['W/'] '"' 'etag'? '"';

where:

  • W/ is optional and, if set, means that the etag value is weak and may not change if the resource changes.
  • etag is an optional string, generally a message digest for files (mostly MD5).

Example

ETag: "xyzzy"
ETag: W/"xyzzy"
ETag: ""
