check etag caching on the client rather than trusting the server
HTTP server's etags have been shown to be a technique that servers can easily track clients. The server can choose an etag to represent a user, then when the client comes back and presents the same etag, the server knows its the same user. To fix this, the client should do the etag checking.
Proposed solution: Make a HEAD request first and compare the etag with the stored one. If it does not match, then send the GET request, but without If-none-match header. This gives the server only one try to guess the etag.