Reference
Verify that signed exchanges are working
Make a request with the the signed exchange request header:
- Open a terminal and run the following command, replacing
https://example.com
with your domain:
$ curl -svo /dev/null https://example.com -H "Accept: application/signed-exchange;v=b3"
- Verify that the
Content-Type
in the response headers isapplication/signed-exchange;v=b3
rather thantext/html
.
Certificate authority used with SXGs
Cloudflare uses Google for SXGs’ certificate issuance. Once SXGs is enabled, Cloudflare automatically adds the Certification Authority Authorization records on behalf of the zones. Refer to the following example below:
$ dig example.com caa;; ANSWER SECTION:example.com. 3600 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"example.com. 3600 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"example.com. 3600 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"example.com. 3600 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"