ECH Active

Encrypted Client Hello Demo

This page is served via Caddy 2 with Encrypted Client Hello (ECH) enabled. Your TLS handshake SNI is encrypted — network observers cannot see which hostname you're connecting to.

Reverse Proxy

Caddy 2

Origin Server

nginx

DNS Plugin

caddy-dns

Protocol

HTTP/3 + ECH

Infra

Hetzner Cloud

IaC

Terraform

# Verify ECH with OpenSSL (requires OpenSSL 3.2+)
$ openssl s_client -connect yourdomain.com:443 -ech_config_list auto

# Or check via Cloudflare's ECH checker:
$ curl https://defo.ie/ech-check.php?domain=yourdomain.com