An Automated Signed Exchange is not being produced by Cloudflare

A signed exchange is not being generated for the front page of

> curl -svo /dev/null -H "Accept: application/signed-exchange;v=b3"

should produce a response with the header content-type: application/signed-exchange;v=b3, but it is content-type: text/html; charset=UTF-8 instead.

> curl -svo /dev/null -H "Accept: application/signed-exchange;v=b3"

produces a response with header Content-Type: application/signed-exchange;v=b3 as expected.

I have enabled “Automatic Signed Exchanges (SXG)” in the dashboard as per

The CAA records are being added by Cloudflare correctly, which can be verified with dig caa.

While Cloudflare mentions in that an SXG response will not be generated in a response with the Vary header, they contradict that in their about dynamic SXG where they recommend adding the Vary: Cookie header. Vary: Cookie is necessary for my application since it uses server side personalization (a personal menu is shown for logged in users for instance). The page also mention an SXG response will not be generated for origin responses with a Strict-Transport-Security header, but I have a hard time believing that since this header is so strongly encouraged by Google. The only thing I can see that might exclude my site from SXG are the headers

Vary: Cookie, Accept-Encoding
Strict-Transport-Security: max-age=15552000; includeSubDomains; preload

but since the Cloudflare docs contradict themselves, I’m not sure.
Does anyone have any examples of sites using the Cloudflare SXG feature? I would like to inspect their headers and compare.

Another Cloudflare user reports SXG being generated with the Strict-Transport-Security header: Automatic Signed Exchanges (SXGs) Beta Launch - #50 by junellabanag1