What is ETag header and how it works?

[Last Updated: Feb 6, 2017]


ETag (entity tag) response header provides a mechanism to cache unchanged resources. It's value is an identifier which represents a specific version of the resource. Here's an example ETag header:

ETag: "version1"

Note that value of ETag must be a quoted-string.

How it works?

Followings are the general high level steps where response header 'ETag' along with conditional request header 'If-None-Match' is used to cache the resource copy in the client browser:

  1. Server receives a normal HTTP request for a particular resource, say XYZ.

  2. The server side prepares the response. The server side logic wants the browser to cache XYZ locally. By default all browsers always cache the resources (specification) so no special header in the response is needed.

  3. Server includes the header 'ETag' with it's value in the response:
     ETag: "version1"

  4. Server sends the response with above header, content of XYZ in the body and with the status code 200. The browser renders the resource and at the same time caches the resource copy along with header information.

  5. Later the same browser makes another request for the same resource XYZ. with following conditional request header:
    If-None-Match: "version1"

  6. On receiving the request for XYZ along with 'If-None-Match' header, the server side logic checks whether XYZ needs a new copy of the resource by comparing the current value of the ETag identifier on the server side and the one which is received in the request header.
    • If request's If-None-Match is same as currently generated/assigned value of ETag on the server, then status code 304 (Not Modified) with the empty body is sent back and the browser uses cached copy of XYZ.
    • If request's If-None-Match value doesn't match the currently generated/assigned value of ETag (say "version2") for XYZ then server sends back the new content in the body along with status code 200. The 'ETag' header with the new value is also included in the response. The browser uses the new XYZ and updates its cache with the new data.

Generating ETag value

ETag specification does not dictate how to generate ETag values. That's entirely up to the application to generate it as it wants. It can be created and updated manually or can be auto generated. Common methods of its auto-generation include using hash of the resource's content or just hash of the last modification timestamp. The generated hash should be collision free. Hash-Collision is the situation when two or more inputs to a hash function give the same output.

ETag value validation

Validation of ETag value is nothing but comparing the two values (the one which received in request header 'If-None-match' and the one which is currently representing the resource). There are two validation approaches.

Weak Validation: The two resource representations are semantically equivalent, e.g. some of the content differences are not important from the business logic perspective e.g. current date displayed on the page might not be important for updating the entire resource for it.
The syntax for weak validation:

ETag: W/"<etag_value>" 

Note that this directive is entirely used for the server side logic and has no importance to the client browser.

Strong Validation: The two resource representations are byte-for-byte identical. This is the default one and no special directive is used for it.

See Also