The Varnish container provides optional caching for content served by Drupal. It receives traffic from the HAProxy container and passses requests for uncached content down to Nginx.
InfoThe Varnish container will simply honour whatever cache headers are supplied by your Drupal site, so you can bypass Varnish by simply turning caching off in Drupal.
Certain paths are never cached, such as for Authorized users (carrying the Authorization header) or where the path is /user, /admin, /ajax and a few others, or the Authorization header is present.
Varnish also does some basic security enforcement by adding headers to outgoing responses to improve browser security. These include:
X-XSS-Protection = 1; mode=blockstops pages loading when the browser detects cross-site scripting attacks
Referrer-Policy = same-originstops cross-origin requests from sending "Referer" information for strict GDPR compliance
There are a few other tips and tricks that our Varnish image applies. You can review the Varnish config for full details here.