Skip to content

Remove etag from HTTP GET requests to prevent tracking.

Fixes #562 (closed).

While we're doing the HEAD request, we also get the etag sent back from the server for caching purposes. In the past we had a more typical workflow of:

  • Make a GET request to download the file
  • Attach an If-None-Match to the request with the etag we received from the server earlier.
  • Possibly receive a 304 (Cached) response.

The reason we don't do this any more is that it allows for servers to send custom etags to different users and thus track downloads made by each user. Thus now we only ever ask for etags and then do our own comparison, rather than sending etags and letting the server decide if they match or not.

Merge request reports