It’s just data

Secure Business Data Interchange Using HTTP

James Clark: My conclusion is that there’s a real need for a cache-friendly way to sign HTTP responses. (Being able to sign HTTP requests would also be useful, but that solves a different problem.)

Perhaps RFC 4130 would be a good starting point.