fir3net
PPS-Firenetbanner-780.5x190-30-03-17

What is the Vary HTTP Header used for ?

The Vary Header

The vary header is sent within the servers response to the client and instructs any intermediary caches to cache a separate instance based on the headers specified within the vary header.

Encoding Headers

As our example is based around the following HTTP headers, here is a quick summary of each,

  • Content-Encoding (HTTP Response) - The "Content-Encoding" header is sent within the servers response to notify the client which compression scheme was used to compress the response data.
  • Accept-Encoding (HTTP Request) - The "Accept-Encoding" header is sent within the clients request to inform the server which compression schemes it supports.

Example

Consider the following example.

  1. A client sends a request to the server with the 'Accept-Encoding: gzip' header set.
  2. The server responds with the header 'Content-Encoding: gzip' along with the compressed data.
  3. The intermediary proxy caches the response.
  4. Another client then sends a request, however this time without the 'Accept-Encoding' header.
  5. The proxy returns the previously cached entry, which the client is unable to understand as its compressed.

Now consider the previous scenario. However this time the server adds the 'Vary' header to the response (within step 2). The proxy would then cache multiple versions of the response, one for each value of the Accept-Encoding header.

Below shows an example of the header within a HTTP response.

[root@william ~]# curl -IL http://www.fir3net.com
HTTP/1.1 200 OK
Date: Wed, 28 Aug 2013 12:02:27 GMT
Server: Apache
Set-Cookie: f71b6edf06ff1b3592582aad6e51abf7=7q7sqn6l02mbmngrvag50h7kp5; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Status: 200 OK
Expires: Wed, 28 Aug 2013 12:17:28 GMT
Vary: Accept-Encoding

 

Reference

http://mgalalm.com/2012/08/02/understand-server-http-headers-vary-accept-encoding/

 

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001