Skip to main content
SecScannerSecScanner
Security ChecksFree ToolsPricingBlog
Get Started
Sign InGet Started
All Security Checks
HeadersLow PriorityPro

Vary: Origin header (CORS caching)

The Vary header tells caches to store separate versions of responses based on request headers like Origin.

Why It Matters

Without Vary: Origin, CDNs might cache CORS responses with one origin and serve them for different origins, causing security issues or broken functionality.

How We Check

We verify that responses with dynamic CORS headers include `Vary: Origin` to ensure proper caching behavior.

How to Fix

Add Vary: Origin to any response that sets Access-Control-Allow-Origin dynamically based on the request.

Related Security Checks

Headers

Access-Control-Allow-Origin

Related Tool

CORS Checker

Run all 6 related checks with our free cors checker

Check Your Website Now

Run a free security scan to check for Vary: Origin header (CORS caching) issues and 58+ other security vulnerabilities.

Scan Your Website Free

Product

  • Security Checks
  • Free Tools
  • SSL Checker
  • Vulnerability Scanner
  • Email Security
  • Pricing
  • Compliance
  • Security Reports

Popular Checks

  • CSP Check
  • HSTS Check
  • TLS Version Check
  • SSL Expiry Check
  • SPF/DKIM/DMARC Check
  • Cookie Security Check
  • JS Vulnerability Scan
  • OCSP Stapling Check

Resources

  • Blog
  • Glossary
  • Contact

Legal

  • Terms of Use
  • Privacy Policy
  • Refund Policy
  • Cookie Policy

© 2025-2026 SecScanner. All rights reserved.