Hacker News new | past | comments | ask | show | jobs | submit login

lol... and then I come into work and find out from my colleague that actually Cloudflare now disables the Via header by default.



For those wanting the extra context around this decision:

There's a really important reason for not sending the Via header in the request: it disables compression, by default, in most major web-servers!

· nginx defaults gzip_proxied to "off", where 'proxied' is determined by the presence of the Via header: http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip...

· The same goes for IIS 7 & IIS 8 via noCompressionForProxies defaulting to "true" - https://docs.microsoft.com/en-us/iis/configuration/system.we...

· Apache's mod_deflate doesn't do this (thankfully).

This has an immediately negative impact on performance and, in many cases, cost: the origin server is sending more bytes over the wire, and network transit is often a non-trivial cost for those on AWS, Azure, et. al.

Akamai also has a post on this: https://community.akamai.com/community/web-performance/blog/...

Note: I used to work at Cloudflare, and believe they (we!) made the right decision here. There are other mechanisms that can be used to detect proxy loops, and there are also cases where customers may "stack" edge network vendors (migration, specific feature needs, application complexity).

PS: Hi David! :)




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: