cf.tls_client_auth.cert_chain_rfc9440
cf.tls_client_auth.cert_chain_rfc9440 String The intermediate certificate chain in RFC 9440 format.
Contains the intermediate certificates (all certificates between the leaf and the root, excluding both) as a comma-separated list of RFC 9440-encoded values. For example, :MIIDnz...g==:, :MIIDjD...45:. This is the format defined by RFC 9440 for the Client-Cert-Chain HTTP header.
The chain order follows TLS ordering: the certificate closest to the leaf appears first, working up toward the trust anchor. The root certificate is not included.
The field value is an empty string ("") if no client certificate was presented, if no intermediates were sent, or if the chain exceeded 16 KB (refer to cf.tls_client_auth.cert_chain_rfc9440_too_large).
This field is only filled in if the request includes a client certificate for mTLS authentication.
When forwarding this value as a request header to your origin server, ensure clients cannot inject their own HTTP header. Refer to the changelog for usage guidance.
Example value:
":MIIDnzCCAoeg...g==:, :MIIDjDCCAn...45:"- Request
- mTLS