Reference

Verify that signed exchanges are working

Make a request with the signed exchange request header:

1. Open a terminal and run the following command, replacing https://example.com with your domain:

curl -svo /dev/null https://example.com -H "Accept: application/signed-exchange;v=b3"

2. Verify that the Content-Type in the response headers is application/signed-exchange;v=b3 rather than text/html.

Certificate authority used with SXGs

Cloudflare uses Google for SXGs' certificate issuance ↗. Once SXGs is enabled, Cloudflare automatically adds the Certification Authority Authorization records on behalf of the zones. Refer to the following example below:

dig example.com caa

;; ANSWER SECTION:
example.com. 3600 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"

Was this helpful?

What did you like?

Accurate

Easy to understand

Solved my problem

Helped me decide to use the product

Other

What went wrong?

Hard to understand

Incorrect information

Missing the information

Other

Thank you for helping improve Cloudflare's documentation!