HTTP headers | Expect-CT

The HTTP Expect-CT header is a response header that lets a site opt in to reporting or enforcement of Certificate Transparency (CT) requirements. This prevents the use of wrongly issued certificates for the site and makes sure that such certificates do not go unnoticed.

Syntax:

Expect-CT: max-age=<age>, enforce, report-uri="<uri>"

Note: enforce and report-uri are optional directives.



Directives: The HTTP Expect-CT header accepts the three directives shown in the syntax above:

  • max-age=<age>: This directive gives the number of seconds, counted from the reception of the Expect-CT header, for which the user agent should regard the host from which the message was received as a known Expect-CT host.
  • enforce: An optional directive that tells the user agent to enforce the Certificate Transparency (CT) policy and to refuse further connections that do not comply with it.
  • report-uri="<uri>": An optional directive that gives the URL to which the user agent should report Expect-CT failures.

Examples:
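A header value written in the syntax above can be checked before it is deployed. The parser below is an added example, not code from the original page: the function names, the sample value and its example.com report URL are constructed, and skipping unknown directives and flagging duplicates are assumptions made here.

```python
import re

def split_directives(value):
    """Split on commas that sit outside double quotes (a report URI may contain commas)."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def parse_expect_ct(value):
    """Return (policy, problems) for one Expect-CT header value (text after 'Expect-CT:')."""
    policy = {"max_age": None, "enforce": False, "report_uri": None}
    problems, seen = [], set()
    for part in split_directives(value):
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if name in seen:
            problems.append(f"duplicate directive: {name}")
            continue
        seen.add(name)
        if name == "max-age":
            if re.fullmatch(r"[0-9]+", arg):
                policy["max_age"] = int(arg)
            else:
                problems.append("max-age must be a whole number of seconds")
        elif name == "enforce":
            policy["enforce"] = not sep
            if sep:
                problems.append("enforce takes no value")
        elif name == "report-uri":
            m = re.fullmatch(r'"([^"]+)"', arg)
            if m:
                policy["report_uri"] = m.group(1)
            else:
                problems.append("report-uri must be a double-quoted URI")
        # Unknown directive names are skipped (assumption of this example).
    if "max-age" not in seen:
        problems.append("max-age is required")
    return policy, problems

# Constructed sample value; the report URL is a placeholder.
SAMPLE = 'max-age=86400, enforce, report-uri="https://example.com/ct?a=1,b=2"'
```

Calling `parse_expect_ct(SAMPLE)` returns the parsed policy with an empty problem list; a value such as `enforce, report-uri=https://example.com/ct` is reported as having an unquoted report-uri and no max-age.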