"The dates for the signed exchange are invalid."

Hi,

I have implemented all of the requirements for enabling SXGs:

  • Automatic Signed Exchanges (SXGs) is available for the zones with a Pro or Higher plan, or for the zones on a Free plan with the APO subscription.
  • SXGs only works with zones that are using Cloudflare Nameservers with orange clouded DNS records.
    • Note : To change your domain nameservers, please follow the instructions in this article. Then, turn on the Cloudflare proxy (orange cloud) for any relevant DNS record.
  • The certificates for the zone need to be managed by Cloudflare.
    • Note : If someone wants to obtain a SXG certificate, they need to add a certain CAA Record for issuance. Cloudflare does that on behalf of the Users upon the enablement of SXGs. We add these records to make sure issuance is not blocked. If you have issuance of SSL certificates from other CAs, please ensure that you add the additional CAA records after enabling the SXGs.
  • Content needs to be cached every 120 seconds or longer.
    • Note : Google checks to make sure that content is cached over two minutes to generate an SXG. Please ensure that content is cached every two minutes or longer: Dashboard > Caching > Configuration > Browser Cache TTL
  • AMP Real URL needs to be disabled if SXGs is enabled: Dashboard > Speed > Optimization > AMP Real URL

However, I am seeing a warning in Google Search Console stating, “The dates for the signed exchange are invalid.”

Is this a bug? I am not sure what to do from here.

Thanks and regards,

Tug

So I found the post on Automatic Signed Exchanges and found out:

  1. Since Cloudflare cannot be sure whether a signed exchange does or does not include private information, a signed exchange will not be generated in the presence of the following headers:

Authentication-Control, Authentication-Info, Clear-Site-Data, Optional-WWW-Authenticate, Proxy-Authenticate, Proxy-Authentication-Info, Public-Key-Pins, Sec-WebSocket-Accept, Set-Cookie, Set-Cookie2, SetProfile, Strict-Transport-Security, Vary, WWW-Authenticate

I have set up HSTS, so this means signed exchanges will not work on our website if I am correct?

Hi @Terms_G,

For “The dates for the signed exchange are invalid.” errors: You can ignore them. Google can still parse the SXG and treat it like normal HTML, so it falls back to earlier behaviour.

For HSTS: There are Users [ @eva2000, @junellabanag1 ] reporting that SXGs is working on their websites even in the presence of HSTS. I will update you when we know more.

3 Likes

We saw this issue as well. Hopefully it’s resolved soon. We’re on HSTS too.

Hi @firat,

I googled our site and indeed the SXG is working normally. The URL goes from the google URL then switches to our URL.

However, our logo is no longer in the search results for any AMP page. Is this normal behavior?

Thanks and regards.

Hi @Terms_G, we haven’t received any report with regard to logos missing from the search results, and I can’t reproduce it with our zones… That issue might be related to something else.

2 Likes

Thank you for that. I think it may have something to do with the Official AMP plugin itself.

1 Like

Same GSC warning “The dates for the signed exchange are invalid.” for us on serveral sites with HSTS off