HTTP ETag

from Wikipedia, the free encyclopedia

ETag (short for entity tag, roughly "entity identifier") is a header field introduced in HTTP 1.1. It is used to detect changes to the requested resource and is mainly used for caching, i.e. avoiding redundant data transfers.

Specification

Example HTTP header

The ETag value is an arbitrary character string enclosed in quotation marks, which can additionally be marked as a weak ETag with the prefix "W/". The defining BNF:

ETag = "ETag" ":" entity-tag
entity-tag = [ weak ] opaque-tag
weak       = "W/"
opaque-tag = quoted-string
Strong ETag
A strong ETag may only be shared by several entities of a resource if they are absolutely identical (bit for bit).
Weak ETag
A weak ETag (identified by a "W/" prefix) may be used by several entities of a resource if they are equivalent to each other, i.e. do not differ significantly from a semantic point of view.

Often, the ETag value is generated from a hash of the resource's content or from the time it was last modified.

Procedure

The first time a resource is requested, the server sends an ETag value specific to this resource in the ETag header field, which the client saves locally together with the resource. (Fig. 1) If the same resource is requested again, the client sends the previously saved ETag value in the If-None-Match header field. (Fig. 2) On the server side, the received ETag value is compared with the current one and, if they match, the server responds with status code 304. (Fig. 3) In this case, the data of the resource are not sent and the client uses the locally saved data.

Problems

ETags can have negative effects if they are implemented poorly: if, for example, the ETag is generated from the inode of the document being served, the value is only valid on that system. If the document is served by several servers (e.g. for load balancing), a new request from the client may be handled by another server with a different ETag value, so the same file is transferred again despite ETags. For this reason, it is recommended not to use the inode when generating the ETag value.

For example, a hash value of the content of the file or a unique version number of the file should be used to generate the ETag.
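
The procedure described above, combined with the content-hash recommendation, as an added Python example that is not part of the original article. The function names and the tag format (a truncated SHA-256 hex digest) are assumptions chosen for illustration.

```python
import hashlib
import re

# entity-tag = [ "W/" ] quoted-string, following the BNF above
ENTITY_TAG = re.compile(r'(W/)?"([^"]*)"')

def make_etag(body: bytes) -> str:
    """Strong ETag from a content hash: identical bytes yield the same
    value on every server, which an inode-based tag does not."""
    return '"' + hashlib.sha256(body).hexdigest()[:32] + '"'

def none_match_hits(header: str, current_etag: str) -> bool:
    """Weak comparison, as HTTP requires for If-None-Match: only the
    opaque tags are compared and a W/ prefix on either side is ignored."""
    if header.strip() == "*":
        return True
    current = ENTITY_TAG.fullmatch(current_etag).group(2)
    # Values that are not quoted entity-tags are skipped, so a malformed
    # header can never produce a 304.
    return any(tag == current for _weak, tag in ENTITY_TAG.findall(header))

def handle_get(body: bytes, request_headers: dict):
    """Return (status, response_headers, payload) for a GET.
    Assumes header names were already normalised to this spelling."""
    etag = make_etag(body)
    inm = request_headers.get("If-None-Match")
    if inm is not None and none_match_hits(inm, etag):
        return 304, {"ETag": etag}, b""  # client reuses its stored copy
    return 200, {"ETag": etag}, body

if __name__ == "__main__":
    page = b"<html>version 1</html>"           # constructed sample resource
    status, headers, _ = handle_get(page, {})  # first request
    cached = headers["ETag"]                   # client stores it with the body
    print(status, cached)
    # Revalidation with unchanged content, then with changed content
    print(handle_get(page, {"If-None-Match": cached})[0])
    print(handle_get(b"<html>version 2</html>", {"If-None-Match": cached})[0])
```

Because the tag depends only on the bytes served, every server behind a load balancer computes the same value for the same file.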

In addition, users can be identified using ETags if a web server generates client-specific ETags.
