On Wed, Feb 3, 2010 at 2:34 PM, Maciej Stachowiak <m...@apple.com> wrote:
> I don't think I've ever seen a Web server send "Vary: Cookie". I don't know 
> offhand if they consistently send enough cache control headers to prevent 
> caching across users.

I've been doing a little poking around. Wikipedia sends "Vary:
Cookie". Wikipedia additionally uses "Cache-Control: private", as do
some other sites I checked. Other sites seem to be relying on
revalidation of cached entries by making them already expired.


"Waterken News: Capability security on the Web"

Reply via email to