Support » Plugin: WP Super Cache » Question regarding Vary Header

  • SGURYGF

    (@sgurygf)


    Hi,

    It has been discussed before that WP Super Cache is by default using Accept-Encoding, Cookie for the Vary header and has been said that it is not recommended to remove the cookie because it might cause cached content to leak sensitive data.

    Unless I am missing something, wouldn’t setting Accept-Encoding, Cookie ONLY for logged in users solve this problem?

    Also I am not understanding how this can affect caching if Do not Cache logged-in users is enabled.

    The server itself shouldn’t serve logged-in user cached pages. Only an intermediate proxy would do that and only if it ignores cache-control..?

    Thanks in advance.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Donncha Ó Caoimh

    (@donncha)

    That would probably be right but it’s such a critical configuration that it would be very bad if the user accidentally changed that setting and the header wasn’t changed. It’s much safer leaving it the way it is.

    SGURYGF

    (@sgurygf)

    Thanks for your reply. It’s indeed safer but it affects performance which what the plugin is about 🙂

Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.