# only apply this vary header when the URL starts with "status"
if (fastly.ff.visits_this_service == 0 && req.url ~ "^/status") {
  # set the logged-in header if the user-login cookie is present
  # in real world use, you might consider validating the cookie
  # check out this fiddle on authenticating JWTs
  # https://fiddle.fastlydemo.net/fiddle/27bdd957
  if (req.http.Cookie:user-login) {
     set req.http.logged-in = "true";
  } else {
     set req.http.logged-in = "false";
  }

  # clean up the unnecessary cookie 
  unset req.http.Cookie:user-login;
}