It is known that the ETag HTTP Header can be used for tracking website visitors, even if the visitor is using a Private window and HTTP Cookies and/or JavaScript is disabled.
The user should have an option that allows them to disable the ETag HTTP Header, as this can improve the user's privacy.
IMPORTANT NOTE: The ETag HTTP Header can be used for good (see the relevant resources above), but it can also be easily abused, which is why the user should have an option to disable it if they want to and feel like that can improve their web browsing privacy.
Also, taken out of context from the MDN Web Docs: "If the resource at a given URL changes, a new Etag value must be generated. A comparison of them can determine whether two representations of a resource are the same. Etags are therefore similar to fingerprints, and might also be used for tracking purposes by some servers. They might also be set to persist indefinitely by a tracking server."
Actual result:
There is no option in the browser Settings that allows the user to disable the ETag HTTP Header.
Expected result:
There should be an option in the browser Settings that allows the user to disable the ETag HTTP Header.
Miscellaneous Information:
I think that it is expected from a privacy-focused web browser to offer such feature.
While writing this I have thought of more feature ideas worth mentioning:
An option to Disable Images from being displayed or loaded in an HTML page (since the img HTML Element can also be used for tracking website visitors)
An option to Disable Frames (embedding another HTML page into the current one)
An option to Disable Style sheets (this might be useful for debugging purposes, and since disabling JavaScript is already a feature, I don't see why this should not be)
I hope that you consider these I listed above too, I didn't bother creating another issue just to mention these three feature ideas.
Description
It is known that the ETag HTTP Header can be used for tracking website visitors, even if the visitor is using a Private window and HTTP Cookies and/or JavaScript is disabled. The user should have an option that allows them to disable the ETag HTTP Header, as this can improve the user's privacy.
Relevant resources you should have a look at:
IMPORTANT NOTE: The ETag HTTP Header can be used for good (see the relevant resources above), but it can also be easily abused, which is why the user should have an option to disable it if they want to and feel like that can improve their web browsing privacy.
Also, taken out of context from the MDN Web Docs: "If the resource at a given URL changes, a new Etag value must be generated. A comparison of them can determine whether two representations of a resource are the same. Etags are therefore similar to fingerprints, and might also be used for tracking purposes by some servers. They might also be set to persist indefinitely by a tracking server."
Actual result:
There is no option in the browser Settings that allows the user to disable the ETag HTTP Header.
Expected result:
There should be an option in the browser Settings that allows the user to disable the ETag HTTP Header.
Miscellaneous Information:
I think that it is expected from a privacy-focused web browser to offer such feature.