{"ok":true,"request":{"host":"cpa.tg","scheme":"https","http_version":"HTTP/1.1","observed_at":"2026-04-17T16:32:40+00:00"},"transport":{"tls_protocol":"TLSv1.3","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_alpn":"","ja3":"","ja4":"","http2_fingerprint":"","http3":null,"edge_relay":"","edge_source":"","edge_label":"","enriched":false,"source":"nginx_fastcgi","notes":["JA3/JA4 and HTTP/2 fingerprint are absent in this run. They require reverse-proxy enrichment or a dedicated edge collector."]},"transport_diagnostics":{"status":"scaffold_only","transport":{"tls_protocol":"TLSv1.3","tls_cipher":"TLS_AES_128_GCM_SHA256","tls_alpn":"","ja3":"","ja4":"","http2_fingerprint":"","http3":null,"edge_relay":"","edge_source":"","edge_label":"","enriched":false,"source":"nginx_fastcgi","notes":["JA3/JA4 and HTTP/2 fingerprint are absent in this run. They require reverse-proxy enrichment or a dedicated edge collector."]},"contract":[{"name":"X-CPA-JA3","field":"ja3","description":"TLS ClientHello JA3 fingerprint from the edge","present":false,"value":""},{"name":"X-CPA-JA4","field":"ja4","description":"JA4 fingerprint from the edge","present":false,"value":""},{"name":"X-CPA-HTTP2-Fingerprint","field":"http2_fingerprint","description":"HTTP/2 client fingerprint from the edge","present":false,"value":""},{"name":"X-CPA-TLS-ALPN","field":"tls_alpn","description":"ALPN protocol negotiated at TLS layer","present":false,"value":""},{"name":"X-CPA-HTTP3","field":"http3","description":"Boolean flag indicating HTTP/3 or QUIC at the edge","present":false,"value":null},{"name":"X-CPA-TLS-PROTOCOL","field":"tls_protocol","description":"Forwarded TLS protocol when edge terminates TLS before nginx","present":true,"value":"TLSv1.3"},{"name":"X-CPA-TLS-CIPHER","field":"tls_cipher","description":"Forwarded TLS cipher when edge terminates TLS before nginx","present":true,"value":"TLS_AES_128_GCM_SHA256"}],"missing_headers":["X-CPA-JA3","X-CPA-JA4","X-CPA-HTTP2-Fingerprint","X-CPA-TLS-ALPN","X-CPA-HTTP3"],"edge":{"relay":"","source":"","label":""},"recommendations":["Inject JA3, JA4 and HTTP/2 fingerprints at the edge and pass them as X-CPA-* headers.","Expose ALPN from the edge to distinguish HTTP/2 and HTTP/3 cleanly."]}}