[pierrefar]

Before anyone thinks this (and similar) approaches are a way around the GDPR's cookie consent tracking crackdown: It's not.

The GDPR talks about online identifiers, of which cookies, IP address and fingerprints are examples. If you read any regulator's guidance carefully, you'll see they talk about "cookies and similar technologies", with just "cookies" being used alone for brevity.

To rephrase tracking of any kind is the issue, not cookies. Don't mistake the implementation for the activity.

Disclosure: Founder of a non-tracking web analytics service because of this exact issue.

[lucb1e]

All true. Small note: whereas cookies are easy to identify as tracking, etags have a legitimate purpose and you might not know that you're being tracked by this method. It would be illegal not to disclose it, so I doubt any self respecting company would do it, but also hard to detect.