Deep links require verification files like assetlinks.json for Android and apple-app-site-association for iOS to function correctly in production. These files must be hosted on a domain matching the app’s bundle ID, served over HTTPS without redirects, and configured with the correct Content-Type headers. While platforms like Vercel or Firebase can host them, Cloudflare Pages offers a streamlined, zero-config solution that automates deployments directly from GitHub.
Why Cloudflare Pages excels for deep link verification files
Hosting verification files for deep links involves strict technical requirements that most static hosting services struggle to meet out of the box. Cloudflare Pages addresses three critical needs:
- Strict HTTPS enforcement without redirects – Android’s
assetlinks.jsonvalidation fails if the URL redirects, even temporarily. Cloudflare Pages serves files directly over HTTPS without intermediate hops. - Precise Content-Type control – The iOS verification file
apple-app-site-associationlacks a file extension, so the server must explicitly declare its MIME type asapplication/json. Cloudflare Pages allows this via a simple_headersconfiguration. - Custom domain alignment – Verification files must reside on the same domain declared in the app’s configuration. Cloudflare Pages supports custom domains seamlessly, especially when registered through Cloudflare’s registrar.
Beyond meeting requirements, Cloudflare Pages offers instant deployments from GitHub and automatic SSL certificate provisioning, making it ideal for teams prioritizing speed and reliability.
The advantages of a .dev domain for deep links
The .dev top-level domain (TLD) is included in Chrome’s HSTS Preload list, meaning browsers enforce HTTPS for all connections to domains ending in .dev by default. This eliminates the need for manual HTTPS redirection configurations and reduces potential validation failures during deep link setup.
Registering a .dev domain typically costs between $10 and $15 annually, depending on the registrar. If you already use Cloudflare for DNS or hosting, registering the domain through Cloudflare simplifies setup by eliminating separate nameserver configuration steps.
Project structure and header configuration
Verifying deep links requires a specific directory structure and header rules to ensure proper file serving. Create a GitHub repository with this layout:
seuapp.dev/
├── .well-known/
│ ├── assetlinks.json
│ └── apple-app-site-association
├── signup.html
├── index.html
└── _headersThe signup.html file should match the version created in prior steps of your deep link integration series. The _headers file configures the Content-Type for both verification files:
/.well-known/apple-app-site-association
Content-Type: application/json
/.well-known/assetlinks.json
Content-Type: application/jsonWithout these headers, the server may serve the files with incorrect MIME types, causing iOS to silently reject the Universal Links. This misconfiguration is a common reason Universal Links appear to work intermittently.
Verification file templates and deployment steps
Both verification files follow standardized formats tailored to your app’s bundle identifiers. For Android, create assetlinks.json in the .well-known directory:
[
{
"relation": ["delegate_permission/common.handle_all_urls"],
"target": {
"namespace": "android_app",
"package_name": "com.seuapp",
"sha256_cert_fingerprints": [
"AA:BB:CC:DD:EE:FF:..."
]
}
}
]Replace com.seuapp with your app’s package name and include the SHA-256 certificate fingerprint from your signing keystore. For iOS, the apple-app-site-association file should look like this:
{
"applinks": {
"apps": [],
"details": [
{
"appID": "TEAM_ID.com.seuapp",
"paths": ["/signup", "/signup/*"]
}
]
}
}Replace TEAM_ID.com.seuapp with your Apple Developer Team ID and bundle identifier. Add paths corresponding to the routes your app handles for deep linking.
To deploy, push your repository to GitHub and configure Cloudflare Pages:
- In Cloudflare, navigate to Workers & Pages → Create → Pages → Connect to Git → select your repository.
- Set the Build command to empty and Output directory to
/. - Save and deploy. Add your custom domain under Custom Domains to complete setup.
Cloudflare automatically provisions SSL certificates, typically within minutes, ensuring your verification files are accessible over HTTPS immediately.
Validating your deployment
After deploying, verify that both files are accessible and correctly configured using curl:
curl -I
curl -I Check that both responses include content-type: application/json. If either file lacks the correct header, review the _headers file for spacing errors or encoding issues.
For Android validation, use the official Digital Asset Links tool from Google to confirm correct configuration:
- Visit the Digital Asset Links validator
- Enter your domain and path
- Verify the tool reports successful validation
Once validated, your deep links should function reliably across both Android and iOS devices, routing users directly to the intended in-app content.
Building a scalable deep link infrastructure
This setup completes a critical phase in a deep link integration workflow: moving from local testing to production-ready hosting. By leveraging Cloudflare Pages, you gain automated deployments, strict HTTPS enforcement, and precise content type control—all without manual server configurations.
With verification files properly hosted and validated, teams can confidently expand deep link support across marketing campaigns, user onboarding flows, and engagement features. Future-proof your setup by integrating CI/CD pipelines to automatically update verification files during app updates or domain changes.
The example repository demonstrates a fully configured deep link verification setup, available for reference on GitHub.
AI summary
Deep bağlantı doğrulama dosyalarınızı Cloudflare Pages ile nasıl barındıracak ve altyapınızı nasıl optimize edeceksiniz? Adım adım rehber ve .dev alan adı avantajları.
