Panel Discussion: API Security in DevSecOps. Watch the Recording

Panel Discussion: API Security in DevSecOps. Watch the Recording

Panel Discussion: API Security in DevSecOps. Watch the Recording

/

/

304 Status Code - Not Modified

304 Status Code - Not Modified

304 Status Code - Not Modified
304 Status Code - Not Modified
304 Status Code - Not Modified

Luke Stephens

Luke Stephens

Luke Stephens

What is 304 HTTP Status Code?

The HTTP Status Code 304, termed as "Not Modified", is a special redirection response status code. Unlike other redirection codes that tell the client where to find the resource, 304 Not Modified informs the client that the version of the resource they currently have in cache is still the latest one, and there's no need to re-fetch it. This is particularly useful for optimizing web performance by reducing unnecessary data transfer.

Understanding Return Code 304

  • Cache Verification: The 304 Not Modified response is often tied to cache mechanisms. When a client possesses a cached version of a resource, it can check with the server if that version is still valid. If it is, the server returns a 304 Not Modified.

HTTP/1.1 304 Not Modified
  • Etag & Last-Modified Headers: To facilitate this cache validation, the server often uses headers like Etag or Last-Modified. When the client makes a subsequent request, it includes these headers, and the server can then determine whether the resource has changed since the last fetch.

Etag: "123456789"
Last-Modified: Wed, 21 Oct 2020 07:28:00 GMT

Why 304 Not Modified?

The 304 Not Modified status code is instrumental in enhancing web performance. By informing the client that their cached resource is still valid, it eliminates the need for re-downloading the same data, thus saving bandwidth and speeding up load times.

Benefits of 304 Not Modified

  • Optimized Web Performance: By preventing unnecessary data transfers, load times are improved, leading to a smoother user experience.

  • Bandwidth Conservation: Especially for large web resources or users with limited bandwidth, using the cache effectively can lead to substantial bandwidth savings.

How does 304 Not Modified Work?

  1. Client Sends a Conditional Request:

    The client, possessing a cached resource, sends a request to the server, including headers like If-None-Match (for Etags) or If-Modified-Since (for Last-Modified) to check if the resource has changed.

GET /image.jpg HTTP/1.1
Host: www.example.com
If-None-Match: "123456789"
  1. Server Evaluates & Responds:

    The server checks the resource against the provided headers. If the resource hasn't changed, it returns a 304 Not Modified. If it has, it sends the updated resource.

HTTP/1.1 304 Not Modified

Components of a 304 Not Modified Response

A 304 Not Modified response generally contains:

  • Status Line: Signifying the 304 Not Modified status code.

HTTP/1.1 304 Not Modified
  • Headers: While the response body remains empty (since the resource isn't sent), headers like Date, Cache-Control, and others can still be included.

Example of 304 Not Modified

Image Caching:

GET /logo.png HTTP/1.1
Host: www.example.com
If-Modified-Since: Wed, 21 Oct 2020 07:28:00 GMT

Response:

HTTP/1.1 304 Not Modified

Here, the client has an image (logo.png) cached and is checking if the version from October 21, 2020, is still the latest. The server confirms that the image hasn't changed since that date, so it returns a 304 Not Modified, and the client uses its cached version.

Conclusion

The 304 Not Modified status code is a cornerstone of efficient web performance, leveraging caching mechanisms to provide users with faster load times and reduce server load. By ensuring that only modified or new resources are fetched, it optimizes bandwidth use and offers a more streamlined web experience.

Learn about other codes in 3xx family of HTTP status codes such as 302 Status Code, 301 Status Code and 307 Status Code.

On this page

Title

Protect your APIs from attacks now

Protect your APIs from attacks now

Protect your APIs from attacks now

Explore more from Akto

Blog

Be updated about everything related to API Security, new API vulnerabilities, industry news and product updates.

Events

Browse and register for upcoming sessions or catch up on what you missed with exclusive recordings

CVE Database

Find out everything about latest API CVE in popular products

Test Library

Discover and find tests from Akto's 100+ API Security test library. Choose your template or add a new template to start your API Security testing.

Documentation

Check out Akto's product documentation for all information related to features and how to use them.