Welcome to MSDN Blogs Sign in | Join | Help

Vary with Care

This content was previously published elsewhere. I'm copying it here for broader visibility.

About the Vary Response Header 

As described in the HTTP/1.1 specification (RFC2616), the Vary response header allows a cache to determine if a cached (still fresh) response may be returned for a subsequent request, based on whether or not the new request's headers match those that were sent when the the previously response was originally cached.

  The Vary field value indicates the set of request-header fields that
  fully determines, while the response is fresh, whether a cache is
  permitted to use the response to reply to a subsequent request
  without revalidation. For uncacheable or stale responses, the Vary
  field value advises the user agent about the criteria that were used
  to select the representation.

The Problem

Unfortunately, the WinINET caching engine (below Internet Explorer and other applications) does not cache outbound request headers.  This limitation makes it impossible for WinINET to perform the request-header matching algorithm. 

Hence, Internet Explorer is conservative and generally will refuse to return a cached Vary response for a new request, except under special circumstances, as detailed below.

Internet Explorer 6

Internet Explorer 6 will treat a response with a Vary header as completely uncacheable, unless the Vary header contains only the token User-Agent or Accept-Encoding.  Hence, a subsequent request will be made unconditionally, resulting in a full re-delivery of the unchanged response.

This results in a significant performance problem when Internet Explorer 6 encounters Vary headers.

Internet Explorer 7

For Internet Explorer 7, the problem was not eliminated, but its impact was mitigated in some common cases. 

When evaluating a cached response that has a Vary, IE7 can make a conditional request (e.g. If-Modified-Since) rather than an unconditional request.

In order to take advantage of this improvement, the original response must contain an ETag.

Even though revalidation of cache response will require one round trip to server, it is still a significant improvement if server responds with a HTTP/304, because the response body is not transmitted.

Note, WinINET will remove the Vary: Accept-Encoding header if it decompressed the response.  Therefore, you should only send a Vary: Accept-Encoding header when you have compressed the content (e.g. Content-Encoding: gzip). 7.21.2009: see the comments below for a caveat on this.

Best Practices

  • Never send Vary: Host.  All responses implicitly vary by hostname, because the hostname is a part of the URI, and all requests vary by URI.
  • Only send a Vary: Accept-Encoding header when you have compressed the content (e.g. Content-Encoding: gzip).
Published Wednesday, June 17, 2009 6:31 PM by EricLaw

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# Reflective Perspective - Chris Alcock » The Morning Brew #371

PingBack from http://blog.cwa.me.uk/2009/06/18/the-morning-brew-371/

Thursday, June 18, 2009 3:23 AM by Reflective Perspective - Chris Alcock » The Morning Brew #371

# Findings of June 22 - Jack is Here

PingBack from http://jack-fx.com/interesting-links/4/findings-of-june-22

Monday, June 22, 2009 3:57 AM by Findings of June 22 - Jack is Here

# re: Vary with Care

In a response, Vary indicates content negotiation is occurring, so "Vary: Accept-Encoding" should be sent even when the non-encoded version is sent.

If you don't, proxies may end up caching only the non-encoded version. <a href="http://wiki.squid-cache.org/KnowledgeBase/VaryNotCaching">Squid does this</a>.

What I haven't figured out is what to do about IE6 without the "SV1" in the UA. You can't reliably send gzipped JS to it, but if you leave off Vary and the request passes through a proxy, you've eliminated the ability of the cache to store the gzipped version.

Tuesday, July 21, 2009 2:17 PM by Steve Clay

# re: Vary with Care

@Steve Clay: From a protocol-perspective, of course you are correct. The point of this post is to explicitly state that using Vary: Accept-Encoding on uncompressed responses hurts performance in the most popular user-agents.

Squid could work around their limitation in the most common case (e.g. don't blindly delete compressed, cached variants that are still fresh).

An IE6 user who is current on patches should be able to properly decompress any response -- XPSP2 (identified by the SV1) shouldn't be required. In contrast, an IE6 user who is not current on patches has probably already been pwned by the bad guys.

Tuesday, July 21, 2009 2:30 PM by EricLaw [MSFT]

# re: Vary with Care

You wrote : "unless the Vary header contains only the token User-Agent or Accept-Encoding."

And if the Vary header is:

"Vary: Accept-Encoding,User-agent"

does IE6 treat the response as uncacheable?

Thanks in advance

Thursday, July 30, 2009 9:26 AM by Benjamin

# re: Vary with Care

Eric,

I'm starting to think that IE6's behaviour is preferable to IE7's.

Since it (presumably) controls the UA and AE headers, and doesn't allow their modification (using XHR, etc.), IE6 can safely strip Vary: UA and AE, and treat those responses as fresh. IE7, OTOH, forces revalidation on these responses.

Why not combine the behaviours and force revalidation on anything with a Vary that's *not* AE or UA? That seems like the most performance and safest thing you can do without remembering request headers...

Also, I don't think it's as easy as you say for Squid to correct their behavour; there's no simple way for them to differentiate between a server that doesn't set correct headers and one that has stopped supporting compression.

Cheers,

Sunday, October 18, 2009 6:50 PM by Mark Nottingham

# re: Vary with Care

@Mark: IIRC, IE7 & IE8 also ignore the Vary: User-Agent directive.

It's also important to recall that IE6 doesn't simply revalidate Vary'ing responses; it doesn't cache them at all.

Monday, October 19, 2009 8:05 AM by EricLaw [MSFT]

# re: Vary with Care

Hi Eric,

Right, but IE6 will cache something that varies on AE or UA, right? Do 7 and 8 also ignore Vary: Accept-Encoding? If so, this isn't a big problem in the common(est) case...

Cheers,

Tuesday, October 20, 2009 1:36 AM by Mark Nottingham

Leave a Comment

(required) 
required 
(required) 

  
Enter Code Here: Required
 
Page view tracker