Vary Header
Tells CDNs which request headers affect the response, so they cache separate versions.
Vary lists request header names whose values select among different representations. A classic case is Vary: Accept-Encoding so gzip and brotli bodies are not mixed. CORS-aware APIs often need Vary: Origin when the server echoes different Access-Control-Allow-Origin values.
Why developers care
Without Vary: Origin, a CDN might cache the first user’s permissive CORS response and hand it to a different origin—security bug plus mysterious client failures. Adding Vary increases cache cardinality; you balance correctness vs hit ratio. EdgeFix surfaces what your edge actually returns after compression and CORS.
Example
Vary: Accept-Encoding, Origin