Reference
Verify that signed exchanges are working
Make a request with the signed exchange request header:
- Open a terminal and run the following command, replacing
https://example.comwith your domain:
$ curl -svo /dev/null https://example.com -H "Accept: application/signed-exchange;v=b3"
- Verify that the
Content-Typein the response headers isapplication/signed-exchange;v=b3rather thantext/html.
Certificate authority used with SXGs
Cloudflare uses Google for SXGs’ certificate issuance. Once SXGs is enabled, Cloudflare automatically adds the Certification Authority Authorization records on behalf of the zones. Refer to the following example below:
$ dig example.com caa;; ANSWER SECTION:example.com. 3600 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"example.com. 3600 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"example.com. 3600 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"example.com. 3600 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"