Missing Vary on payment

Quirk · GET /api/x402/edge-missing-vary · Edge / CDN Controls

Caches the paid 200 but ignores the payment header in the cache key (no Vary), so one payer's response is served to another.

Explanation

The paid 200 is cacheable but omits Vary: PAYMENT-SIGNATURE, so the edge cache keys only on the URL and ignores the payment header. As a result, one payer's response is served to a different (or unpaid) client. The merchant must add the payment header to the cache key, or make the response non-shared-cacheable.

What to watch

curl -i: public, max-age with NO Vary header on the paid 200.

Facilitator

Settled against the live Radius testnet facilitator (https://facilitator.testnet.radiustech.xyz). A valid payment runs a real /verify and /settle on-chain.

Metadata

Back to catalog