Syntax for ETag?

etag example
etag vulnerability
etag if-match
etag meaning
nginx etag
etag vs last-modified
file etags
etag rfc

Redbot reports that my webpage has invalid header:

The ETag header's syntax isn't valid.

My headers are set to:

ETag: 4ae413bd

Why is it invalid?

What is the syntax for an ETag?

Try ETag: "4ae413bd". The value of an ETag must follow the ABNF form:

  entity-tag = [ weak ] opaque-tag
  weak       = "W/"
  opaque-tag = quoted-string

  quoted-string  = ( <"> *(qdtext | quoted-pair ) <"> )
  qdtext         = <any TEXT except <">>
  quoted-pair    = "\" CHAR
  CHAR           = <any US-ASCII character (octets 0 - 127)>
  TEXT           = <any OCTET except CTLs, but including LWS>
  OCTET          = <any 8-bit sequence of data>
  LWS            = [CRLF] 1*( SP | HT )
  CTL            = <any US-ASCII control character (octets 0 - 31) and DEL (127)>
  CRLF           = CR LF
  CR             = <US-ASCII CR, carriage return (13)>
  LF             = <US-ASCII LF, linefeed (10)>
  SP             = <US-ASCII SP, space (32)>
  HT             = <US-ASCII HT, horizontal-tab (9)>

, which is basically ([wW]/)?"([^"]|\\")*" in regular regex.

Note that both "\" and "/" are valid values for etags.

References: section-14.19, section-3.11, section-2.2.

Syntax for ETag?, Try ETag: "4ae413bd" . The value of an ETag must follow the ABNF form: entity-​tag = [ weak ] opaque-tag weak = "W/" opaque-tag  Syntax ETag: W/"<etag_value>" ETag: "<etag_value>" Directives W/ Optional 'W/' (case-sensitive) indicates that a weak validator is used. Weak etags are easy to generate, but are far less useful for comparisons. Strong validators are ideal for comparisons but can be very difficult to generate efficiently.

As Arnaud mentioned, make sure that you have quoted the value.

replace

new EntityTagHeaderValue("0");

with

new EntityTagHeaderValue("\"0\"");

HTTP ETag, ETag. The "ETag" header field in a response provides the current entity-tag for the This section defines the syntax and semantics of HTTP/1.1 header fields for​  An ETag (entity tag) is an HTTP response header returned by an HTTP/1.1 compliant web server used to determine change in content of a resourceat a given URL. The value of the header is an opaque string representing the state of the resource at the time the response was generated. The ETag header is used as specified in [RFC2616].

"An ETag is an opaque identifier assigned by a web server to a specific version of a resource found at a URL". This means it can be pretty much anything.

The problem is probably the syntax, use:

ETag: "4ae413bd"

RFC 7232, This section defines the syntax and semantics of all standard HTTP/1.1 header The ETag response-header field provides the current value of the entity tag for  Followings are the general high level steps where response header 'ETag' along with conditional request header 'If-None-Match' is used to cache the resource copy in the client browser: Server receives a normal HTTP request for a particular resource, say XYZ. The server side prepares the response.

If you got here because of the stack trace below, make sure you uncheck the "Enable Browser Link" option in Visual Studio that causes this error :

Conversion> [13:31:10 ERR] Connection id "0HLJ153E20LDJ", Request id "0HLJ153E20LDJ:00000003": An unhandled exception was thrown by the application.
Conversion> System.ObjectDisposedException: The response has been aborted due to an unhandled application exception. ---> System.FormatException: Invalid ETag name
Conversion>    at Microsoft.Net.Http.Headers.EntityTagHeaderValue..ctor(StringSegment tag, Boolean isWeak)
Conversion>    at Microsoft.Net.Http.Headers.EntityTagHeaderValue..ctor(StringSegment tag)
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.BrowserLinkMiddleWareUtil.AddToETag(ResponseHeaders responseHeader, Int32 port)
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.BrowserLinkMiddleware.<>c__DisplayClass7_0.<ExecuteWithFilter>b__0()
Conversion>    at Microsoft.AspNetCore.Http.HttpResponse.<>c.<.cctor>b__30_0(Object callback)
Conversion>    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.FireOnStartingMayAwait(Stack`1 onStarting)
Conversion>    --- End of inner exception stack trace ---
Conversion>    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ThrowResponseAbortedException()
Conversion>    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.InitializeResponseAsync(Int32 firstWriteByteCount)
Conversion>    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.WriteAsync(ReadOnlyMemory`1 data, CancellationToken cancellationToken)
Conversion>    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpResponseStream.WriteAsync(Byte[] buffer, Int32 offset, Int32 count, CancellationToken cancellationToken)
Conversion>    at System.IO.Stream.WriteAsync(Byte[] buffer, Int32 offset, Int32 count)
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.ScriptInjectionFilterStream.<>c__DisplayClass37_0.<<CreateResponseHandler>b__0>d.MoveNext()
Conversion> --- End of stack trace from previous location where exception was thrown ---
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.SocketReader.ReadBytesIntoResponseHandler(Int64 totalBytesToRead, ResponseHandler handler, CancellationToken cancellationToken)
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.HttpSocketAdapter.ResponseReader.ReadBytesIntoResponse(Int64 bytesToRead)
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.HttpSocketAdapter.ResponseReader.ReadChunkedContent()
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.HttpSocketAdapter.ResponseReader.ReadResponse()
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.DelayConnectingHttpSocketAdapter.Microsoft.VisualStudio.Web.BrowserLink.IHttpSocketAdapter.WaitForResponseComplete()
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.ScriptInjectionFilterStream.WaitForFilterComplete()
Conversion>    at Microsoft.VisualStudio.Web.BrowserLink.BrowserLinkMiddleware.ExecuteWithFilter(IHttpSocketAdapter injectScriptSocket, String requestId, HttpContext httpContext)
Conversion>    at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
Conversion>    at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
Conversion>    at Microsoft.AspNetCore.Server.IISIntegration.IISMiddleware.Invoke(HttpContext httpContext)
Conversion>    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpProtocol.ProcessRequests[TContext](IHttpApplication`1 application)

HTTP/1.1: Header Field Definitions, The syntax of the ETag header is defined as follows: ETag = "ETag" ":" entity-tag CRLF ; exactly as specified in [RFC2616] section 14.19 entity-tag  An ETag is an identifier that specifies a particular version of a particular entry. The server attaches an ETag to entry and feed elements that it sends to clients. When an entry or feed changes, its ETag changes as well. The Google Data APIs provide ETags in two places: in an ETag HTTP header, and in a gd:etag attribute of <feed> and <entry

[MS-ODATA]: ETag, The Google Data APIs provide ETags in two places: in an ETag HTTP header, and in The format of the fields query parameter value is based on XPath syntax​;  14 Header Field Definitions This section defines the syntax and semantics of all standard HTTP/1.1 header fields. For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who receives the entity.

Protocol Reference | Google Data APIs, Response Codes · Query Responses · Query Syntax; Resource Versioning; Data Centers ETags are useful to developers in a number of circumstances. First, developers can use ETags to perform conditional retrieval to avoid retrieving a  Basic Tutorial The Open Data Protocol (OData) is a data access protocol built on core protocols like HTTP and commonly accepted methodologies like REST for the web. There are various kinds of libraries and tools can be used to consume OData services.

Resource Versioning, As a result, by default the server is asked not to generate an ETag header for the Syntax: SSIETag on|off Default: SSIETag off Context: directory, .htaccess  Our Services. eTags vehicles registration services provide many additional benefits. We offer online services and helpful information for new car registration, registration renewals, title transfers, change of address, motor vehicle records and driver licenses.

Comments
  • Although HTTP 1.1 allows "\", the draft of HTTP 1.1 bis does not. In 2007, the W3C considered this issue - see w3.org/Protocols/HTTP/1.1/rfc2616bis/issues/#i31 - and decided that the grammar was wrong. It was fixed in draft 04. You can see the edit at greenbytes.de/tech/webdav/…. So whenever HTTP 1.1 bis eventually ships (assuming that it does) "\" will no longer be valid, so you would be wise to avoid it, even though it's technically allowed today.
  • @IanGriffiths, what's the estimated shipping date?
  • I think the plan is for it to be submitted as a proposed standard in September 2013. (The relevant working group's last call was supposed to close earlier this year, and I think that did go ahead as planned.) I don't think there's a plan for how long it takes for it to move from "proposed" to fully fledged - I believe that depends on things that only become apparent later (e.g., rate of adoption, whether problems are found).
  • In layman's terms: the value MUST begin and end with " (double quotes)
  • Updated version of RFC tools.ietf.org/html/rfc7232#section-2.3. It doesn't allow to use spaces e.g.