HTTP headers | Expect-CT

The HTTP Expect-CT header is a response-type header that prevents the usage of wrongly issued certificates for a site and makes sure that they do not go unnoticed and it also allows sites to decide on reporting or enforcement of Certificate Transparency requirements.

Syntax:

Expect-CT max-age=<age>, enforce, report-uri="<uri>"

Note: Enforce and report-uri are optional directives.

Directives: The HTTP Expect-CT header accepts three directives mentioned above and described below:

• max-age:<age>: This directive tells the number of seconds for which the user should consider the Expect-CT host(from whom the message was received) after the reception of the Expect-CT header.
• enforce: It is an optional directive which prompts the user to refuse further connections which do not comply with the Certificate Transparency(CT) policy and also enforces the policy.
• report-uri:<uri>: It is an optional directive that describes the URL where the user can report the failure of the Expect-CT header.

Examples:

• In this example, the Certificate Transparency is enforced for 12 hours and the reports are made to geeksforgeeks.org .

  Expect-CT: max-age=43200, enforce, report-uri="https://geeksforgeeks.org/report"

• In this example, the Certificate Transparency is enforced for an hour.

  Expect-CT: max-age=3600, enforce

To check the Expect-CT in action go to Inspect Element -> Network check the response header for Expect-CT like below, Expect-CT is highlighted.


Supported browsers: The browsers are compatible with HTTP Expect-CT header are listed below:

• Google Chrome
• Opera
My Personal Notes arrow_drop_up
Save