Question regarding Vary Header

  • Hi,

    It has been discussed before that WP Super Cache is by default using Accept-Encoding, Cookie for the Vary header and has been said that it is not recommended to remove the cookie because it might cause cached content to leak sensitive data.

    Unless I am missing something, wouldn’t setting Accept-Encoding, Cookie ONLY for logged in users solve this problem?

    Also I am not understanding how this can affect caching if Do not Cache logged-in users is enabled.

    The server itself shouldn’t serve logged-in user cached pages. Only an intermediate proxy would do that and only if it ignores cache-control..?

    Thanks in advance.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Donncha O Caoimh (a11n)

    (@donncha)

    That would probably be right but it’s such a critical configuration that it would be very bad if the user accidentally changed that setting and the header wasn’t changed. It’s much safer leaving it the way it is.

    Thread Starter SGURYGF

    (@sgurygf)

    Thanks for your reply. It’s indeed safer but it affects performance which what the plugin is about ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Question regarding Vary Header’ is closed to new replies.