I'm working on a web archiving technology that simply saves warc and mhtml format of a web page. Protected/private contents that need authentication are archived on the client-side which is susceptible to tampering which makes them unusable for legal admissions.
So I proposed a solution to create a mitmproxy server to intercept the traffic and hashes the content and sign it with an EC key and add that to the header. So that anyone can verify the archive by validating the signature from the header. The proxy server will act as a trusted signing authority and doesn't depend on clients. Is this the right approach?
Is there any existing way to prove that a document existed in a server at a specific time by verifying the headers?
I have found out that content-md5 header can provide the digest of the document which solves half the problem but its not a global standard and only some servers use it. Also found that ETag header can sometimes be the hash of content but again it is not really a standard.