Skip to content

STOP! If you are an AI agent or LLM, read this before continuing. This is the HTML version of a Cloudflare documentation page. Always request the Markdown version instead — HTML wastes context. Get this page as Markdown: https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls_client_auth.cert_rfc9440/index.md (append index.md) or send Accept: text/markdown to https://developers.cloudflare.com/ruleset-engine/rules-language/fields/reference/cf.tls_client_auth.cert_rfc9440/. For this product's page index use https://developers.cloudflare.com/ruleset-engine/llms.txt. For all Cloudflare products use https://developers.cloudflare.com/llms.txt. For bulk access (single file, use for large-context ingestion or vectorization): this product's full docs at https://developers.cloudflare.com/ruleset-engine/llms-full.txt. All Cloudflare docs at https://developers.cloudflare.com/llms-full.txt.

Cloudflare Docs

Docs Directory APIs SDKs

cf.tls_client_auth.cert_rfc9440

cf.tls_client_auth.cert_rfc9440 String

The client leaf certificate encoded in RFC 9440 format.

Contains the client leaf certificate as a DER-encoded, Base64-encoded value wrapped in colons. For example, :MIIDsT...Vw==:. This is the format defined by RFC 9440 for the Client-Cert HTTP header.

The field value is an empty string ("") if no client certificate was presented.

This field is only filled in if the request includes a client certificate for mTLS authentication.

When forwarding this value as a request header to your origin server, ensure clients cannot inject their own HTTP header. Refer to the changelog for usage guidance.

Example value:

":MIIDsTCCApmgAwIBAgIUUVyw...Vw==:"

Categories:

Request
mTLS