Accept and Vary Headers
now that i'm doing things with the Accept header, i'm also learning to deal with the after-effects by using the Vary header. and i see how it can get complicated.
for example, when i negotiate the representation based on the Accept request header, i should send the Vary: Accept response header with the results. makes sense.
but i could also be using cookies. right now, i just mark any request that contains a cookie as Cache-Control: private. that's simple. no need to use the Vary header there.
but i also use Authorization headers quite a bit. and i mark these responses as non-cacheable, too. that can knock out a lot of my pages from the cache (assuming public caches are actually *keeping* these pages [grin]). but i guess i could use the Vary: Authorization header. does that make sense? am i suggesting that caches keep track of the authorization values for requests?
this could help with allowing caches to keep a copy of the public (non-auth'ed) versions of the same pages. but i think that's just over the top. i don't need to make the same URLs auth and un-auth flavors, right? i should just use a diff URL for the auth flavor (/{user}/index.html), right?
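The header choices described above, run against a toy shared cache. This is an added example, not code from the post: `origin`, `SharedCache` and the sample requests are constructed, and "non-cacheable" is assumed to mean `Cache-Control: no-store`.

```python
def origin(req):
    """Constructed origin: negotiates on Accept, sets caching headers as the post describes."""
    req = {k.lower(): v for k, v in req.items()}
    kind = "json" if "application/json" in req.get("accept", "") else "html"
    if "authorization" in req:
        # assumption: "non-cacheable" is sent as no-store
        return f"{kind} for auth user", {"Cache-Control": "no-store"}
    if "cookie" in req:
        return f"{kind} for cookie user", {"Cache-Control": "private"}
    # negotiated on Accept, so tell caches the representation depends on it
    return f"{kind} public", {"Cache-Control": "public, max-age=60", "Vary": "Accept"}


class SharedCache:
    """Toy shared cache: the secondary key is built from the headers named in Vary."""
    def __init__(self):
        self.entries = {}  # url -> list of (vary, vary_key, body)

    @staticmethod
    def vary_key(vary, req):
        names = [n.strip().lower() for n in vary.split(",") if n.strip()]
        return tuple((n, req.get(n)) for n in names)

    def fetch(self, url, req):
        req = {k.lower(): v for k, v in req.items()}
        for vary, key, body in self.entries.get(url, []):
            if self.vary_key(vary, req) == key:
                return body, "HIT"
        body, headers = origin(req)
        cc = headers.get("Cache-Control", "")
        if "private" not in cc and "no-store" not in cc:  # shared caches skip these
            vary = headers.get("Vary", "")
            self.entries.setdefault(url, []).append((vary, self.vary_key(vary, req), body))
        return body, "MISS"


def demo():
    cache = SharedCache()
    steps = [  # constructed requests, all for the same URL
        {"Authorization": "Basic constructed"},
        {"Authorization": "Basic constructed"},
        {"Accept": "text/html"},
        {"Accept": "application/json"},
        {"Accept": "text/html"},
        {"Accept": "text/html", "Cookie": "sid=constructed"},
    ]
    return [cache.fetch("/index.html", req) for req in steps]


if __name__ == "__main__":
    for body, status in demo():
        print(status, body)
```

In this model the last request, which carries a cookie, is answered from the stored public copy because only Accept is part of the key. That is the same-URL situation the separate /{user}/index.html idea avoids.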