Vary Header Misuse — Cache Fragmentation and CDN Caching Problems
About Vary Header Misuse
Fix HTTP Vary header misconfiguration causing excessive cache fragmentation, CDN cache misses, and incorrect content serving across different clients. This guide covers everything you need to know about this topic, including common causes, step-by-step solutions, and answers to frequently asked questions.
Here are the key things to understand: The Vary header tells caches which request headers affect the response content. Vary: Accept-Encoding is common for serving gzip/brotli compressed variants. Overusing Vary (e.g., Vary: User-Agent) can create thousands of cache entries for the same URL. Vary: * effectively disables caching for the response. CDNs may handle Vary differently — some normalize values, others create separate cache entries. Understanding these fundamentals will help you diagnose and resolve this issue more effectively.
The most common reasons this occurs include: Vary: User-Agent creating a separate cache entry for every unique user agent string. Vary: Cookie preventing caching of responses that vary only on authentication status. Framework automatically adding unnecessary Vary headers to all responses. Vary: * unintentionally set, disabling all caching for the endpoint. Identifying the root cause is the first step toward finding the right solution.
To resolve this, follow these recommended steps: Audit your Vary headers: only include headers that genuinely affect the response content. Use Vary: Accept-Encoding for compression variants — this is well-supported by CDNs. Replace Vary: User-Agent with device detection middleware that maps to a small set of variants (mobile/desktop). For user-specific content, use Cache-Control: private instead of Vary: Cookie. Test cache hit rates before and after Vary header changes using CDN analytics. If these steps do not resolve the issue, consider consulting additional resources or a qualified professional.
This article is part of our HTTP Status Codes collection on Error Codes Wiki. We provide comprehensive, up-to-date information to help you find solutions quickly.
Quick Answer
What does Vary: Accept-Encoding do?
It tells caches to store separate versions for each encoding (gzip, brotli, identity). This is standard practice and well-supported by CDNs.
Overview
Fix HTTP Vary header misconfiguration causing excessive cache fragmentation, CDN cache misses, and incorrect content serving across different clients.
Key Details
- The Vary header tells caches which request headers affect the response content
- Vary: Accept-Encoding is common for serving gzip/brotli compressed variants
- Overusing Vary (e.g., Vary: User-Agent) can create thousands of cache entries for the same URL
- Vary: * effectively disables caching for the response
- CDNs may handle Vary differently — some normalize values, others create separate cache entries
Common Causes
- Vary: User-Agent creating a separate cache entry for every unique user agent string
- Vary: Cookie preventing caching of responses that vary only on authentication status
- Framework automatically adding unnecessary Vary headers to all responses
- Vary: * unintentionally set, disabling all caching for the endpoint
Steps
- 1Audit your Vary headers: only include headers that genuinely affect the response content
- 2Use Vary: Accept-Encoding for compression variants — this is well-supported by CDNs
- 3Replace Vary: User-Agent with device detection middleware that maps to a small set of variants (mobile/desktop)
- 4For user-specific content, use Cache-Control: private instead of Vary: Cookie
- 5Test cache hit rates before and after Vary header changes using CDN analytics