ETag fingerprinting has been around for awhile, KissMetrics got sued for doing it in 2012. I don’t know if there’s a mitigation per se or if it’s just the threat of a lawsuit keeps people honest. Regardless, clearing the cache or using a different profile defeats it.
That's the point I was making. Since favicons have their own cache that isn't cleared when the user clears the main cache, ETags would work well there. And would be less complex than the file scheme in the post.
The browser would presumably send the ETag in an If-None-Match in the GET request though.
ETag fingerprinting has been around for awhile, KissMetrics got sued for doing it in 2012. I don’t know if there’s a mitigation per se or if it’s just the threat of a lawsuit keeps people honest. Regardless, clearing the cache or using a different profile defeats it.
https://www.google.com/amp/s/www.research-live.com/amp-page....
Most browsers have moved, or are moving, to cache partitioning to mitigate this: https://www.chromestatus.com/feature/5730772021411840
Safari shipped this a long time ago, and all other browsers are following that path. It's unfortunate because it means shared CDNs become ineffective.
That's the point I was making. Since favicons have their own cache that isn't cleared when the user clears the main cache, ETags would work well there. And would be less complex than the file scheme in the post.