Skip to content

Commit 6751b4e

Browse files
ToriLindsayToriLindsay
committed
[Browser Rendering] Add signature headers
1 parent 28c59b9 commit 6751b4e

File tree

1 file changed

+10
-6
lines changed

1 file changed

+10
-6
lines changed

src/content/docs/browser-rendering/reference/automatic-request-headers.mdx

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -5,15 +5,19 @@ sidebar:
55
order: 2
66
---
77

8-
When using the [REST API](/browser-rendering/rest-api/) to fetch content via Browser Rendering, Cloudflare adds the following headers to outbound requests made to the target URL:
8+
Cloudflare automatically attaches headers to every [REST API](/browser-rendering/rest-api/) request made through Browser Rendering. These headers make it easy for destination servers to identify that these requests came from Cloudflare.
9+
10+
:::note[Note]
11+
12+
These headers are meant to ensure transparency and cannot be removed or overridden (with `setExtraHTTPHeaders`, for example).
13+
14+
:::
915

1016
| Header | Description |
1117
| -------------------- | ----------------------------------------------------------------------------------- |
1218
| `cf-biso-request-id` | A unique identifier for the Browser Rendering request |
1319
| `cf-biso-devtools` | A flag indicating the request originated from Cloudflare's rendering infrastructure |
20+
| `signature-agent` | [The location of the bot public keys](https://web-bot-auth.cloudflare-browser-rendering-085.workers.dev/.well-known/http-message-signatures-directory), used to sign the request and verify it came from Cloudflare |
21+
| `signature` and `signature-input`| A digital signature, used to verify requests, as shown in [this architecture document](https://datatracker.ietf.org/doc/html/draft-meunier-web-bot-auth-architecture) |
1422

15-
:::note[Note]
16-
17-
These headers are unique to Browser Rendering and are automatically included and cannot be removed or overridden (such as via `setExtraHTTPHeaders`). They are intended to ensure transparency, allowing destination servers to identify traffic as coming from Cloudflare Browser Rendering.
18-
19-
:::
23+
The `signature` headers are cryptographic proof that confirms the request was created by an authorized bot using HTTP message signatures. Learn more in the Cloudflare blog: [Forget IPs: using cryptography to verify bot and agent traffic](https://blog.cloudflare.com/web-bot-auth/).

0 commit comments

Comments
 (0)