In this blog post, we delve into the complexities surrounding one such data integrity technique: HTTP message signing. We explore the different specifications currently in use, dissecting their mechanisms and operations. Additionally, we examine the challenges the techniques may present when scanning web applications and discuss how AppCheck has solved these problems to integrate message signing support into our vulnerability scanner.