HttpFixer โ†’ Glossary โ†’ Vary Header
HTTP Header

Vary Header

Last updated: April 2026

The Vary response header tells caches which request headers affect the response content. The cache must store separate copies for each unique combination of those header values.

Common uses

Vary: Accept-Encoding โ€” the most common use. Tells caches to store separate copies for gzip, brotli, and uncompressed responses.

Vary: Accept-Encoding

Vary: Origin โ€” used with CORS. Tells caches to store separate copies per origin so CORS headers are not served to the wrong origin.

Vary: Origin

Vary: Accept โ€” for content negotiation (JSON vs HTML responses from the same URL).

Vary: Accept

Nginx โ€” set Vary for compression

gzip on;
gzip_vary on;  # automatically adds Vary: Accept-Encoding

CORS + Vary: Origin

location /api/ {
    add_header Access-Control-Allow-Origin $http_origin always;
    add_header Vary Origin always;  # critical when origin varies
    proxy_pass http://backend;
}
โš  Vary: * tells caches the response is always unique and should never be cached. Avoid it unless you have a specific reason.

Verify your Vary header

curl -sI https://yoursite.com | grep -i vary
Related: EdgeFix โ€” audit cache headers Cache-Control CORS on Nginx
📚 HttpFixer Glossary โ€” all terms โ†’