Whitelist cookie headers
It would be superb if we could have a cookie whitelist to strip all the irrelevant cookies before checking the cache.
Background:
I would like to have an /about-us delivered from the cache but when you're logged in (session cookie), I want the cache to be ignored.
If you're working with the HTTP standards (so no special X-LiteSpeed-Vary headers with special meanings), the only way you can achieve this is by doing this:
Response headers if not logged in:
    Cache-Control: public, s-maxage=3600
    Vary: Cookie
Response headers if logged in:
    Cache-Control: no-store
Note that when you are logged in, no Vary: Cookie header is sent. So the cache is not flooded with entries. Only if the page is cacheable, we indicate that the cache shall vary on Cookie. That way, when you visit /about-us with a Cookie header, you will not get the cache entry.
Now the problem is that with all this analytics JavaScript stuff that sets cookies (even though it could use localStorage or anything else), you will almost never hit the cache even though these cookies are actually completely irrelevant to the application back end.
Varnish also describes this issue in its documentation:
"Also, if the client sends a Cookie header, Varnish will bypass the cache and go directly to the backend."
And then it describes how you can strip all the cookies you don't want: https://varnish-cache.org/docs/6.2/users-guide/increasing-your-hitrate.html?highlight=cookies#cookies-from-the-client
So in other words, I need to be able to configure something like this:
module cache {
    enableCache 1
    checkPublicCache 1
    qsCache 1
    reqCookieCache 0
    reqCookieWhitelist PHPSESSID,Other-Relevant-Cookie
}
That would strip all the cookies except for PHPSESSID and Other-Relevant-Cookie.
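The requested behaviour, modelled as an added Python example (not OpenLiteSpeed or Varnish code, and not part of the original request): a cache that honours Vary: Cookie, with and without stripping the request's Cookie header down to the allowlist first. `strip_cookies`, `VaryCookieCache` and `backend` are hypothetical names, and the cookie values used with them are constructed.

```python
# Added illustration; helper names are hypothetical, not a real server API.
ALLOWLIST = {"PHPSESSID", "Other-Relevant-Cookie"}  # names from the proposed reqCookieWhitelist


def strip_cookies(cookie_header, allowlist=ALLOWLIST):
    """Return the Cookie header with only allowlisted cookies, or None if none remain."""
    kept = []
    for pair in (cookie_header or "").split(";"):
        pair = pair.strip()
        name = pair.partition("=")[0].strip()
        if name in allowlist:  # exact match on the cookie name
            kept.append(pair)
    return "; ".join(kept) or None


class VaryCookieCache:
    """Minimal shared cache keyed on (path, Cookie), i.e. Vary: Cookie semantics."""

    def __init__(self, allowlist=None):
        self.allowlist = allowlist  # None = no stripping, the behaviour the post complains about
        self.store = {}

    def fetch(self, path, cookie_header, backend):
        if self.allowlist is not None:
            cookie_header = strip_cookies(cookie_header, self.allowlist)
        key = (path, cookie_header)
        if key in self.store:
            return "HIT", self.store[key]
        headers, body = backend(cookie_header)
        # Store only what the backend marked as cacheable by a shared cache.
        if "s-maxage" in headers.get("Cache-Control", ""):
            self.store[key] = body
        return "MISS", body


def backend(cookie_header):
    """Constructed origin that emits the response headers described in the post."""
    if cookie_header and "PHPSESSID=" in cookie_header:
        return {"Cache-Control": "no-store"}, "about-us (logged in)"
    return {"Cache-Control": "public, s-maxage=3600", "Vary": "Cookie"}, "about-us (anonymous)"
```

Because the session cookie stays in the cache key, a logged-in request can never be answered from the anonymous entry, and the `no-store` response is never written to the cache.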