$ curl -I https://www.w3.org/ns/credentials/v2
HTTP/2 200
date: Wed, 27 May 2026 16:30:51 GMT
content-type: application/ld+json
last-modified: Tue, 11 Mar 2025 14:35:30 GMT
cache-control: max-age=2592000, s-maxage=2592001
expires: Fri, 29 May 2026 09:35:49 GMT
etag: W/"2793-6301200217080;63f8f63e17458"
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: Content-Type, Authorization
x-backend: www-mirrors
x-request-id: 9f3d519bbd4583d7
strict-transport-security: max-age=15552000; includeSubdomains; preload
content-security-policy: frame-ancestors 'self' https://cms.w3.org/ https://cms-dev.w3.org/; upgrade-insecure-requests
x-content-type-options: nosniff
vary: Accept-Encoding
set-cookie: __cf_bm=ydAVWw3wkf5Fb.j9c9Xxx8f4.r7DNnE7z8jt0ZwBAfs-1779899451.299861-1.0.1.1-OrVoEdmbMt5_EfirjOrWXs5kBauiiA.dfkY2Z2YXTo1TaO4PPp6y5fHXEkC7aSyOzFjwUJq1pnlOqIep28lRVoGUy7zXrVodAj.LAa8BKdhWafVt0w9M67G9R0yTkjl7; HttpOnly; SameSite=None; Secure; Path=/; Domain=w3.org; Expires=Wed, 27 May 2026 17:00:51 GMT
age: 2444102
cf-cache-status: HIT
server: cloudflare
cf-ray: a02668129baa7d4c-ATL
alt-svc: h3=":443"; ma=86400
The VCDM spec
provides a SHA256 that MUST be used by implementations to confirm they have the right context. It can be
regenerated/confirmed by the following CURL command:
curl -s https://www.w3.org/ns/credentials/v2 | openssl dgst -sha256
However, there are currently not any HTTP headers that echo that knowledge.
The SHA256 could potentially be provided as an ETag or Repr-Digest or similar which might allow If-None-Match (etc.) to prevent frequent loading (if/when/as HTTP is used to GET the context) and that the SHA256 could also be learned/confirmed against the spec.
