| Scrapfly

Extension Details

Extension Name

signed_certificate_timestamp

Extension Code (Decimal)

18

Extension Code (Hex)

0x0012

RFC Reference

RFC 6962

What is signed_certificate_timestamp?

The Signed Certificate Timestamp (SCT) extension enables Certificate Transparency by allowing clients to request SCTs from the server. SCTs are cryptographic proofs that a certificate has been logged in a public Certificate Transparency log. This helps detect misissued certificates and improves the overall security of the web PKI. Browsers like Chrome and Safari require SCTs for Extended Validation (EV) certificates. SCTs can be delivered via TLS extension, OCSP stapling, or embedded in certificates. Defined in RFC 6962.

Role in JA3 Fingerprinting

How This Extension Affects Fingerprinting

The signed_certificate_timestamp extension is part of the TLS Client Hello packet that JA3 analyzes to create a unique fingerprint of your browser or HTTP client.

JA3 Construction: JA3 concatenates TLS parameters including extensions in a specific format:
TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS

Different browsers and HTTP clients support different sets of TLS extensions, making this a key differentiator in fingerprinting. The presence, absence, or order of extensions like signed_certificate_timestamp can reveal:

Browser type and version (Chrome, Firefox, Safari, Edge)
Operating system (Windows, macOS, Linux, Android, iOS)
HTTP library (curl, Python requests, Go http.Client, Node.js)
Bot detection - automated tools often have distinctive extension sets

Test Your TLS Configuration

See if your browser or HTTP client includes the signed_certificate_timestamp extension in its TLS handshake:

Test Your JA3 Fingerprint

The JA3 tool will show all TLS extensions your client advertises, including signed_certificate_timestamp.

Browser & Client Support

Modern Browser Support:

Chrome/Edge: Full support for signed_certificate_timestamp
Firefox: Full support for signed_certificate_timestamp
Safari: Full support for signed_certificate_timestamp

HTTP Client Libraries:

curl: Support varies by OpenSSL/LibreSSL version
Python requests: Limited TLS extension control
curl_cffi: Can mimic browser TLS configurations
Scrapfly API: Automatically matches real browser TLS fingerprints

Related TLS Resources

TLS Extensions

Testing Tools

Technical References

RFC Specification: RFC 6962 - TLS Extensions
IANA Registry: TLS ExtensionType Values
JA3 Project: JA3 - TLS Client Fingerprinting