We need to make sure that we don't let browsers cache anything when the
cookie changes (Vary: Cookie).
Furthermore, we want to make sure that public caches don't cache
anything when the content is sent to a logged in user (Cache-Control:
private).
Finally, we want to indicate to caches how long something can be cached
which we do with an additional Cache-Control header and Expires for
older clients.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>