Using ETag Headers with Cloudflare
ETag headers identify whether the version of a resource cached in the browser is the same as the resource at the web server. A visitor's browser stores ETags. When a visitor revisits a site, the browser compares each ETag to the one it stored. Matching values cause a 304 Not-Modified HTTP
response that indicates the cached resource version is current. Cloudflare supports both strong and weak ETags configured at your origin web server.
Weak ETag headers indicate a cached resource is semantically equivalent to the version on the web server but not necessarily byte-for-byte identical.
Strong ETag headers ensure the resource in browser cache and on the web server are byte-for-byte identical. Use Cache Rules to enable strong ETag headers.
When you enable Respect Strong ETags in a cache rule, Cloudflare will use strong ETag header validation to ensure that resources in the Cloudflare cache and on the origin server are byte-for-byte identical.
However, in some situations Cloudflare will convert strong ETags to weak ETags. For example, given the following conditions:
- Respect Strong ETags is enabled
- Brotli compression is enabled
- The origin server's response includes an
etag: "foobar"
strong ETag header
The Cloudflare network will take the following actions, depending on the visitor's accept-encoding
header and the compression used in the origin server's response:
accept-encoding header from visitor | Compression used in origin server response | Cloudflare actions |
---|---|---|
gzip, br | GZIP | Return GZIP-compressed response to visitor with strong ETag header: etag: "foobar" . |
gzip, br | Brotli | Return Brotli-compressed response to visitor with strong ETag header: etag: "foobar" . |
br | GZIP | Decompress GZIP and return uncompressed response to visitor with weak ETag header: etag: W/"foobar" . |
gzip | Brotli | Decompress Brotli and return uncompressed response to visitor with weak ETag header: etag: W/"foobar" . |
gzip | (none) | Return uncompressed response to visitor with strong ETag header: etag: "foobar" . |
Enabling Respect Strong ETags in Cloudflare automatically disables Rocket Loader, Email Obfuscation, Automatic HTTPS Rewrites, and Mirage.
When Respect Strong ETags is disabled, Cloudflare will preserve strong ETag headers set by the origin web server if all the following conditions apply:
- The origin server sends a response compressed using GZIP or Brotli, or an uncompressed response.
- If the origin server sends a compressed response, the visitor accepts the same compression (GZIP, Brotli), according to the
accept-encoding
header. - Rocket Loader and Email Obfuscation features are disabled.
In all other situations, Cloudflare will either convert strong ETag headers to weak ETag headers or remove the strong ETag. For example, given the following conditions:
- Respect Strong ETags is disabled
- Brotli compression is enabled
- The origin server's response includes an
etag: "foobar"
strong ETag header
The Cloudflare network will take the following actions, depending on the visitor's accept-encoding
header and the compression used in the origin server's response:
accept-encoding header from visitor | Compression used in origin server response | Cloudflare actions |
---|---|---|
gzip, br | GZIP | Decompress GZIP and return Brotli-compressed response to visitor (since Brotli compression is enabled) with weak ETag header: etag: W/"foobar" . |
gzip, br | Brotli | Return Brotli-compressed response to visitor with strong ETag header: etag: "foobar" . |
br | GZIP | Decompress GZIP and return Brotli-compressed response to visitor with weak ETag header: etag: W/"foobar" . |
gzip | Brotli | Decompress Brotli and return GZIP-compressed response to visitor with weak ETag header: etag: W/"foobar" . |
gzip | (none) | Compress origin response using GZIP and return it to visitor with weak ETag header: etag: W/"foobar" . |
-
You must set the value in a strong ETag header using double quotes (for example,
etag: "foobar"
). If you use an incorrect format, Cloudflare will remove the ETag header instead of converting it to a weak ETag. -
If a resource is cacheable and there is a cache miss, Cloudflare does not send ETag headers to the origin server. This is because Cloudflare requires the full response body to fill its cache.