What is the Vary HTTP Header used for ?

The Vary Header

The vary header is sent within the servers response to the client and instructs any intermediary caches to cache a separate instance based on the headers specified within the vary header.

Encoding Headers

As our example is based around the following HTTP headers, here is a quick summary of each,

  • Content-Encoding (HTTP Response) – The “Content-Encoding” header is sent within the servers response to notify the client which compression scheme was used to compress the response data.
  • Accept-Encoding (HTTP Request) – The “Accept-Encoding” header is sent within the clients request to inform the server which compression schemes it supports.

Example

Consider the following example.

  1. A client sends a request to the server with the ‘Accept-Encoding: gzip’ header set.
  2. The server responds with the header ‘Content-Encoding: gzip’ along with the compressed data.
  3. The intermediary proxy caches the response.
  4. Another client then sends a request, however this time without the ‘Accept-Encoding’ header.
  5. The proxy returns the previously cached entry, which the client is unable to understand as its compressed.

Now consider the previous scenario. However this time the server adds the ‘Vary’ header to the response (within step 2). The proxy would then cache multiple versions of the response, one for each value of the Accept-Encoding header.

Below shows an example of the header within a HTTP response.

[root@william ~]# curl -IL https://www.fir3net.com
HTTP/1.1 200 OK
Date: Wed, 28 Aug 2013 12:02:27 GMT
Server: Apache
Set-Cookie: f71b6edf06ff1b3592582aad6e51abf7=7q7sqn6l02mbmngrvag50h7kp5; path=/
P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”
Status: 200 OK
Expires: Wed, 28 Aug 2013 12:17:28 GMT
Vary: Accept-Encoding

 

Rick Donato

Want to become a networking expert?

Here is our hand-picked selection of the best courses you can find online:
Cisco CCNA 200-301 Certification Gold Bootcamp
Complete Cyber Security Course – Network Security
Internet Security Deep Dive course
Python Pro Bootcamp
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial