Page MenuHomePhabricator

X-Vary-Options header should be configurable, not sent to users
Closed, ResolvedPublic


MediaWiki sends a custom X-Vary-Options header on responses. The reason for doing so is described here:

An example:
X-Vary-Options: Accept-Encoding;list-contains=gzip,Cookie;string-contains=ruToken;string-contains=ruLoggedOut;string-contains=ru_session\r\n

This header helps patched caches. However for those sites which don't have that patch applied, or who don't use Squid at all - i.e. pretty much everyone outside Wikimedia - this feature just adds around 137 uncompressed bytes of useless padding per request.

This header should be optional, and off by default, unless/until this patch is accepted upstream in Squid.

FWIW, I also feel this header should also be stripped out from Wikimedia responses going to end-users (==if there is no Via: header in the request), otherwise you're needlessly sending them ~260 uncompressed bytes per request:
X-Vary-Options: Accept-Encoding;list-contains=gzip,Cookie;string-contains=enwikiToken;string-contains=enwikiLoggedOut;string-contains=enwiki_session;string-contains=centralauth_Token;string-contains=centralauth_Session;string-contains=centralauth_LoggedOut

This would presumably involve changing the Squid patch itself.

Version: unspecified
Severity: minor



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:38 PM
bzimport set Reference to bz19849.

Created attachment 6375
Require $wgUseXVO = true; to send X-Vary-Options header


Assinging to self for review...