HTTP Vary: Cookie vs Cache-Control: private

Asked 5/3, 2014 at 23:31 Answered 14/5, 2020 at 22:14

Solved caching cookies http-headers cache-control vary

I am writing a web application framework. To properly support reverse proxy servers, I want to make sure that whenever the web application is accessing cookie data, pages that are sent to the user are cached only for that user. As far as I know, there are two ways of achieving this:

header('Vary: Cookie');

header('Cache-Control: private');

The immediate benefit of using Vary: Cookie is that a reverse proxy server will cache non-authenticated requests. However, we're using Google Analytics which create cookies through javascript - so I am afraid the Vary: Cookie method is unusable?

Pattison answered 5/3, 2014 at 23:31 Comment(0)

-1

Cookies set by a script served by a given domain will only be sent to that domain.

The proxy will not receive the cookies set by google analytics.

Winy answered 1/12, 2014 at 15:36 Comment(1)

Google Analytics does however set cookies on the domain itself (first party cookie), not on googles domain. This is the principle of how it works. – Cent 19/3, 2019 at 16:51

For your case (using Google Analytics), this will not work as GA sets first-party cookies for ".yourdomain.tld"

As of now, I'm seeing the following first party cookies set by Google Analytics:

_gat_gtag_UA_#####_# 
_ga 
_gid

Hunter answered 14/5, 2020 at 22:14 Comment(0)

-1

Cookies set by a script served by a given domain will only be sent to that domain.

The proxy will not receive the cookies set by google analytics.

Winy answered 1/12, 2014 at 15:36 Comment(1)

Google Analytics does however set cookies on the domain itself (first party cookie), not on googles domain. This is the principle of how it works. – Cent 19/3, 2019 at 16:51

Recommended topics

Hot tags