Reputation: 1667
HTTP Vary: Cookie vs Cache-Control: private
I am writing a web application framework. To properly support reverse proxy servers, I want to make sure that whenever the web application is accessing cookie data, pages that are sent to the user are cached only for that user. As far as I know, there are two ways of achieving this:
header('Vary: Cookie');
or
header('Cache-Control: private');
The immediate benefit of using Vary: Cookie is that a reverse proxy server will cache non-authenticated requests. However, we're using Google Analytics which create cookies through javascript - so I am afraid the Vary: Cookie method is unusable?
Upvotes: 7
Views: 4243
Answers (2)
Reputation: 564
For your case (using Google Analytics), this will not work as GA sets first-party cookies for ".yourdomain.tld"
As of now, I'm seeing the following first party cookies set by Google Analytics:
_gat_gtag_UA_#####_#
_ga
_gid
Upvotes: 1
Reputation: 66
Cookies set by a script served by a given domain will only be sent to that domain.
The proxy will not receive the cookies set by google analytics.
Upvotes: -1
Related Questions
- What is Cache-Control: private?
- Which Cache-Control header values are used by client/server?
- If a Cache-Control directive is present on request and response header, which takes precedence?
- Cache-Control: 'private' makes 'no-cache="set-cookie"' unnecessary?
- Why isn't the browser respecting the Cache-Control header?
- Cache-Control Header and Conditional Requests
- Cache-control in response headers
- Which are the optimum cache-related HTTP headers for a content that can change?
- Impact of Cache-control header as request header
- Private vs Public in Cache-Control