Update automatic-request-headers.mdx

kathayl · web-flow · commit 2ca8cd7fcd08 · 2025-06-30T13:34:26.000-07:00
-capitalized the signature headers
-fixed link for signature agent (does not have the .well-known path)
-added back in instructions on how to verify using web bot auth
diff --git a/src/content/docs/browser-rendering/reference/automatic-request-headers.mdx b/src/content/docs/browser-rendering/reference/automatic-request-headers.mdx
@@ -17,7 +17,7 @@ These headers are meant to ensure transparency and cannot be removed or overridd
 | -------------------- | ----------------------------------------------------------------------------------- |
 | `cf-biso-request-id` | A unique identifier for the Browser Rendering request                               |
 | `cf-biso-devtools`   | A flag indicating the request originated from Cloudflare's rendering infrastructure |
-| `signature-agent`    | [The location of the bot public keys](https://web-bot-auth.cloudflare-browser-rendering-085.workers.dev/.well-known/http-message-signatures-directory), used to sign the request and verify it came from Cloudflare                                       |
-| `signature` and `signature-input`| A digital signature, used to verify requests, as shown in [this architecture document](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture)                     |
+| `Signature-agent`    | [The location of the bot public keys](https://web-bot-auth.cloudflare-browser-rendering-085.workers.dev), used to sign the request and verify it came from Cloudflare                                       |
+| `Signature` and `Signature-input`| A digital signature, used to validate requests, as shown in [this architecture document](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture)                     |
 
-The `signature` headers use an authentication method called [Web Bot Auth](/bots/concepts/bot/verified-bots/web-bot-auth/). Web Bot Auth leverages cryptographic signatures in HTTP messages to verify that a request comes from an automated bot.
+The `Signature` headers use an authentication method called [Web Bot Auth](/bots/concepts/bot/verified-bots/web-bot-auth/). Web Bot Auth leverages cryptographic signatures in HTTP messages to verify that a request comes from an automated bot. To verify a request originated from Cloudflare Browser Rendering, use the keys found on [this directory](https://web-bot-auth.cloudflare-browser-rendering-085.workers.dev/.well-known/http-message-signatures-directory) to verify the `Signature` and `Signature-Input` found in the headers from the incoming request. A successful verification proves that the request originated from Cloudflare Browser Rendering and has not been tampered with in transit.
