Why you should not use ETag

In the Last-modified time stamp validation entry i mentioned following problems with using Last-Modified date


  • A file's time stamp might get updated without any changes in the actual content of the file. In that case any conditional get request will result in 200 response and will send the full body of resource

  • One of the common problems in that HTTP servers clocks are out of synch. Even if your environment has multiple HTTP servers they might not have same time. So if you copy same file to different server at the same time, it might end up getting different last-modified time. SO if your request goes to different HTTP server, the last modified time wont match and it will return 200 for file that is not changed

  • If-modified-since values cannot be used for objects that may be updated more frequently than once per second, because value of Last-Modified is specified in seconds



So if your thinking that you could use ETag to solve this problem but problem is that the Http Server generates Last-Modified date by default and the browser always adds If-Modified-Since header in the subsequent request. As per HTTP 1.1 specification client must use an entity tag validator if a server sends back an entity tag. If the server sends only a Last-Modified value, the client can use If-Modified-Since validator. If both an entity tag and last-modified date are available, the client should use both re-validation schemes. If an HTTP 1.1 cache or server receives a request with both If-Modified-Since and entity tag conditional headers, it must not return a 304 Not Modified response unless doing so is consistent with all of the conditional header fields in the request.

That means for the response to be valid and returning 304(which is desirable behavior) both Last-Modified and ETag must be same as that of the copy on the server. That means if the Last-Modified date does not match for any reason but ETag matches server will still return 200 status code with full response. But if your using default format of ETag INode MTime Size then there is chance that the server might generate different ETag for same file, which will result in full refresh even if the client has latest version.

The Configure ETag entry on YSlow blog has details on why you should disable ETag

1 comment: