
HTTP headers | Expect-CT


The HTTP Expect-CT header is a response header with which a site opts in to Certificate Transparency (CT) checking. A browser that honours it verifies that the certificate it was served for the site is accompanied by valid Signed Certificate Timestamps (SCTs) from CT logs, so a certificate that was issued for the site without being logged (for example a mis-issued one) cannot be used unnoticed. The site chooses whether such violations are only reported or also cause the connection to be refused.

Note: Expect-CT is deprecated. Browsers have required CT logging for all publicly trusted certificates issued since 2018 regardless of this header, and Chrome removed support for Expect-CT in version 107 (2022). The header is therefore mostly of historical interest and is ignored by current browsers.

Syntax:

Expect-CT: max-age=<age>, enforce, report-uri="<uri>"

Note: max-age is required; enforce and report-uri are optional directives. Directive names are case-insensitive, and a browser ignores any directive it does not recognise.

Directives: The HTTP Expect-CT header accepts the three directives used above, described below:

  • max-age=<age>: Required. The number of seconds, counted from the moment the header is received, during which the browser should regard the host that sent it as a known Expect-CT host and apply its CT policy to new connections. A value of 0 tells the browser to forget the host.
  • enforce: Optional. Instructs the browser to refuse further connections to the host that do not comply with its Certificate Transparency (CT) policy. Without enforce, a violation does not block the connection; it is only reported if report-uri is set.
  • report-uri="<uri>": Optional. The absolute URL to which the browser sends a report (a JSON document describing the failed connection) when a connection to the host does not satisfy the CT policy. Use an https URL so that the report, which contains the served certificate chain, is not sent in the clear.

Examples:

  • In this example, Certificate Transparency is enforced for 12 hours (43200 seconds) and violations are reported to geeksforgeeks.org.
    Expect-CT: max-age=43200, enforce, report-uri="https://geeksforgeeks.org/report"
  • In this example, Certificate Transparency is enforced for an hour and violations are not reported anywhere.
    Expect-CT: max-age=3600, enforce
  • To check Expect-CT in action, open the browser developer tools (Inspect Element -> Network), select a request to the site and look for Expect-CT among the response headers.
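The following is an added example, not code from the original article. It parses an Expect-CT header value into its directives, validates it (max-age required and numeric, enforce valueless, report-uri an absolute https URL, duplicate directives rejected, unknown directives ignored), classifies what the header asks a browser to do, and builds a header value from parameters. The function names, the mode labels, the rejection of duplicate directives and the https-only rule for report-uri are this example's own choices, not something the header specification or the article prescribes.

```python
"""Parse, validate and build Expect-CT header values (example code, not from the article)."""
import re
from typing import Dict, Optional
from urllib.parse import urlsplit

# HTTP token characters and quoted-string, as used for directive names and values.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_DIRECTIVE_RE = re.compile(rf"^\s*({_TOKEN})\s*(?:=\s*({_QUOTED}|{_TOKEN}))?\s*$")


class ExpectCTError(ValueError):
    """Raised for a header value that a browser would have to ignore."""


def _split_directives(value: str):
    """Split on commas, but not on commas inside a quoted-string value."""
    parts, buf, in_quote, escaped = [], [], False, False
    for ch in value:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\" and in_quote:
            buf.append(ch)
            escaped = True
        elif ch == '"':
            in_quote = not in_quote
            buf.append(ch)
        elif ch == "," and not in_quote:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p for p in parts if p.strip()]


def _unquote(raw: str) -> str:
    if raw.startswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    return raw


def parse_expect_ct(value: str) -> Dict[str, object]:
    """Return {'max_age', 'enforce', 'report_uri', 'mode'} or raise ExpectCTError."""
    seen: Dict[str, Optional[str]] = {}
    for part in _split_directives(value):
        m = _DIRECTIVE_RE.match(part)
        if not m:
            raise ExpectCTError(f"malformed directive: {part!r}")
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            # Duplicate directives are rejected here (conservative choice of this example).
            raise ExpectCTError(f"duplicate directive: {name}")
        seen[name] = m.group(2)

    if "max-age" not in seen:
        raise ExpectCTError("max-age is required")
    max_age_raw = _unquote(seen["max-age"] or "")
    if not re.fullmatch(r"[0-9]+", max_age_raw):
        raise ExpectCTError(f"max-age must be a non-negative integer, got {max_age_raw!r}")
    max_age = int(max_age_raw)

    enforce = "enforce" in seen
    if enforce and seen["enforce"] is not None:
        raise ExpectCTError("enforce takes no value")

    report_uri = None
    if "report-uri" in seen:
        report_uri = _unquote(seen["report-uri"] or "")
        parts = urlsplit(report_uri)
        # https-only is this example's rule: the report carries the served certificate chain.
        if parts.scheme != "https" or not parts.netloc:
            raise ExpectCTError(f"report-uri must be an absolute https URL, got {report_uri!r}")

    # Unknown directives were collected in `seen` but are ignored, as a browser would.
    if max_age == 0:
        mode = "clear"        # forget the host
    elif enforce:
        mode = "enforce"      # refuse non-compliant connections (and report if report-uri)
    elif report_uri:
        mode = "report-only"  # connections proceed, violations are reported
    else:
        mode = "no-op"        # nothing is enforced and nothing is reported
    return {"max_age": max_age, "enforce": enforce, "report_uri": report_uri, "mode": mode}


def build_expect_ct(max_age: int, enforce: bool = False, report_uri: Optional[str] = None) -> str:
    """Build a header value and round-trip it through the parser to validate it."""
    if max_age < 0:
        raise ExpectCTError("max-age must be non-negative")
    parts = [f"max-age={int(max_age)}"]
    if enforce:
        parts.append("enforce")
    if report_uri:
        parts.append(f'report-uri="{report_uri}"')
    value = ", ".join(parts)
    parse_expect_ct(value)
    return value


if __name__ == "__main__":
    # The article's first example, parsed.
    print(parse_expect_ct('max-age=43200, enforce, report-uri="https://geeksforgeeks.org/report"'))
    print(build_expect_ct(3600, enforce=True))
```

A header with only max-age is accepted by the parser but classified as "no-op", which is the case worth catching in a configuration review: it looks like a CT policy but neither enforces nor reports anything.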

Supported browsers: The browsers that have supported the HTTP Expect-CT header are listed below (support was removed in Chrome 107 and in the Chromium-based browsers that followed it):

  • Google Chrome
  • Opera

Last Updated : 19 Nov, 2019