Why is Vary: User-Agent bad?

There are thousands of unique User-Agent strings. Each creates a separate cache entry, effectively defeating caching. Use a smaller set of variants like Vary: Sec-CH-UA-Mobile instead.

How does Vary affect CDN caching?

CDNs create separate cache entries for each unique combination of Vary header values. Too many variants reduce cache hit rates and increase origin load.

Vary Header Misuse — Cache Fragmentation and CDN Caching Problems

Informational3xx redirection

Overview

Fix HTTP Vary header misconfiguration causing excessive cache fragmentation, CDN cache misses, and incorrect content serving across different clients.

Key Details

The Vary header tells caches which request headers affect the response content
Vary: Accept-Encoding is common for serving gzip/brotli compressed variants
Overusing Vary (e.g., Vary: User-Agent) can create thousands of cache entries for the same URL
Vary: * effectively disables caching for the response
CDNs may handle Vary differently — some normalize values, others create separate cache entries

Common Causes

Vary: User-Agent creating a separate cache entry for every unique user agent string
Vary: Cookie preventing caching of responses that vary only on authentication status
Framework automatically adding unnecessary Vary headers to all responses
Vary: * unintentionally set, disabling all caching for the endpoint

Steps

1Audit your Vary headers: only include headers that genuinely affect the response content
2Use Vary: Accept-Encoding for compression variants — this is well-supported by CDNs
3Replace Vary: User-Agent with device detection middleware that maps to a small set of variants (mobile/desktop)
4For user-specific content, use Cache-Control: private instead of Vary: Cookie
5Test cache hit rates before and after Vary header changes using CDN analytics