Comment by tyingq
5 years ago
Wouldn't the browser do a HEAD first? Seems like you could also use uniquely generated ETAGS as cookies if it does. Which would be more effective with favicons than the general case, given the comments about how browsers cache them.
Browser does NOT do the HEAD request first. Only GET
The browser would presumably send the ETag in an If-None-Match in the GET request though.
ETag fingerprinting has been around for a while; KissMetrics got sued for doing it in 2012. I don’t know if there’s a mitigation per se or if it’s just that the threat of a lawsuit keeps people honest. Regardless, clearing the cache or using a different profile defeats it.
https://www.google.com/amp/s/www.research-live.com/amp-page....
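An added example, not part of any comment in the thread: a defender-side audit heuristic for the ETag behaviour discussed above. It takes responses captured from several clean, cache-less browser profiles and flags URLs whose body is byte-identical while every profile received a different ETag. The function names, the `min_clients` threshold, the URLs and the sample data are all constructed for illustration.

```python
import hashlib
from collections import defaultdict


def normalize_etag(value):
    """Strip the weak-validator prefix (W/) and the surrounding quotes."""
    v = value.strip()
    if v.startswith("W/"):
        v = v[2:]
    return v.strip('"')


def audit_etags(observations, min_clients=3):
    """Flag URLs that serve the same bytes with a distinct ETag per client.

    observations: iterable of (client_id, url, etag_header, body_bytes),
    each taken from a first-time fetch with an empty cache.
    Returns {url: sorted distinct ETags} for suspicious URLs.
    """
    groups = defaultdict(dict)  # (url, body hash) -> {client_id: etag}
    for client, url, etag, body in observations:
        if not etag:
            continue  # no validator, nothing to replay in If-None-Match
        digest = hashlib.sha256(body).hexdigest()
        groups[(url, digest)][client] = normalize_etag(etag)

    flagged = {}
    for (url, _digest), per_client in groups.items():
        tags = set(per_client.values())
        # Identical content but one validator per client: the ETag carries
        # information about the client rather than about the resource.
        # A few distinct values shared between clients are more likely
        # backend variance, so require one unique value per client.
        if len(per_client) >= min_clients and len(tags) == len(per_client):
            flagged[url] = sorted(tags)
    return flagged


# Constructed sample: three clean profiles fetching three resources.
ICON, JS, CSS = b"\x00\x00\x01\x00icon", b"console.log(1)", b"body{}"
SAMPLE = [
    ("p1", "https://example.test/favicon.ico", '"u-7f3a"', ICON),
    ("p2", "https://example.test/favicon.ico", '"u-91bc"', ICON),
    ("p3", "https://example.test/favicon.ico", 'W/"u-02de"', ICON),
    ("p1", "https://example.test/app.js", '"v42"', JS),
    ("p2", "https://example.test/app.js", '"v42"', JS),
    ("p3", "https://example.test/app.js", '"v42"', JS),
    ("p1", "https://example.test/site.css", '"a1"', CSS),
    ("p2", "https://example.test/site.css", '"b2"', CSS),
    ("p3", "https://example.test/site.css", '"a1"', CSS),
]
```

A hit is a lead to investigate rather than proof, since some servers derive ETags from per-backend file metadata and can legitimately return different values for the same bytes.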