HTTP Caching, POST, and Vary Headers

Um, yeah, so this should be obvious but was a "derp" moment for me.

When you're generating content from a web service, you can specify Cache-Control: public to indicate "this can be cached on the client, on the server, and by proxies", and a Vary header to indicate that different client headers (e.g. Accept) should yield different results (so the result of a prior PNG request doesn't get served up for a PDF request, etc.).

ASP.NET provides server-side caching, and you may want to specify (in the ASPX page) <%@ OutputCache VaryByParam="*" %> so that the server caches different data for http://site/page.aspx?var=1 vs. http://site/page.aspx?var=2.

But (here's the head-slapping bit):
  • The ASP.NET VaryByParam directive has nothing to do with the HTTP Vary header, which controls varying by other HTTP headers.
  • Even if you have a header of Vary: * it can't prevent client-side caching based on POSTed data, since that isn't included in the HTTP headers.

EDIT: This is a great example of correct - but non-intuitive - separation of concerns. The transport layer - HTTP - is ignorant of the data being transported (and only marginally aware of the metadata in the headers), and the cache operates in the transport layer. Oh, and the solution: Forbid response caching (Cache-Control: no-cache) if the HTTP method is POST.
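
The collision described above, as an added example that is not code from the original post. It assumes a deliberately simplified cache model (the HeaderKeyedCache class, make_origin and demo are hypothetical names) that stores any response marked public and keys it on the URL plus the request headers named in Vary.

```python
# Simplified model, an assumption for illustration (not a real browser or proxy):
# the cache key is the URL plus the request headers named in Vary.
# The request body is never part of the key.

class HeaderKeyedCache:
    def __init__(self):
        self.vary_for_url = {}  # url -> Vary value from the stored response
        self.entries = {}       # key -> cached response body

    def _key(self, url, req_headers):
        vary = self.vary_for_url.get(url, "")
        names = sorted(n.strip().lower() for n in vary.split(",") if n.strip())
        lowered = {k.lower(): v for k, v in req_headers.items()}
        return (url, tuple((n, lowered.get(n, "")) for n in names))

    def fetch(self, origin, method, url, req_headers, body=b""):
        key = self._key(url, req_headers)
        if url in self.vary_for_url and key in self.entries:
            return self.entries[key], "HIT"  # body was never compared
        resp_headers, resp_body = origin(method, url, req_headers, body)
        cc = resp_headers.get("Cache-Control", "").lower()
        # no-cache means "ask the origin every time"; modeled here as not storing.
        if "public" in cc and "no-cache" not in cc and "no-store" not in cc:
            self.vary_for_url[url] = resp_headers.get("Vary", "")
            self.entries[self._key(url, req_headers)] = resp_body
        return resp_body, "MISS"

def make_origin(forbid_post_caching):
    # Hypothetical service whose output depends on the POSTed data.
    def origin(method, url, req_headers, body):
        headers = {"Cache-Control": "public", "Vary": "Accept"}
        if forbid_post_caching and method == "POST":
            headers["Cache-Control"] = "no-cache"  # the fix from the post
        return headers, b"result for " + body
    return origin

def demo(forbid_post_caching):
    # Constructed requests: same URL and Accept header, different POST bodies.
    cache = HeaderKeyedCache()
    origin = make_origin(forbid_post_caching)
    url, hdrs = "http://site/page.aspx", {"Accept": "text/html"}
    first = cache.fetch(origin, "POST", url, hdrs, b"var=1")
    second = cache.fetch(origin, "POST", url, hdrs, b"var=2")
    return first, second

if __name__ == "__main__":
    print(demo(False))  # second POST gets the first POST's response
    print(demo(True))   # each POST reaches the origin
```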


  1. For me, it was a work of techno-art, far above the understanding of mortal men.

    For you, it was Tuesday.

    *thumbs up*

