Expect-CT is a new HTTP response header that lets a web host instruct user agents (UAs, i.e. web browsers) to require valid Signed Certificate Timestamps (SCTs) on connections to that host.

It allows sites to report and/or enforce Certificate Transparency (CT) requirements, so that misissued certificates for that site do not go unnoticed. When a site enables the Expect-CT header, it is asking the browser to check that every certificate presented for that site appears in public CT logs.


The Expect-CT header requires very little configuration, with only a few options:

enforce – optional directive. This is the minimum expected to be present. It controls whether the browser should enforce the policy (refuse non-compliant connections) or only report violations.
max-age – optional directive. This is the second thing expected to be present. It specifies the number of seconds for which the browser should cache and apply the received policy. Choose max-age according to how long a user should keep applying a cached policy.
report-uri – optional directive. The endpoint that receives violation reports; ideally it is on the site's own server or on a server operated by a trusted party.
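To show how those three directives combine in practice, here is an added example (not code from the original post) that parses an Expect-CT header value and flags deployment mistakes; the example.com report URLs are constructed sample values.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class ExpectCT:
    enforce: bool
    max_age: Optional[int]
    report_uri: Optional[str]
    warnings: List[str]


def parse_expect_ct(value: str) -> ExpectCT:
    """Split an Expect-CT value into its directives (names are case-insensitive)."""
    enforce, max_age, report_uri, warnings = False, None, None, []
    for raw in value.split(","):
        token = raw.strip()
        if not token:
            continue
        name, _, val = token.partition("=")
        name, val = name.strip().lower(), val.strip().strip('"')
        if name == "enforce":
            enforce = True
        elif name == "max-age":
            if val.isdigit():
                max_age = int(val)
            else:
                warnings.append("max-age must be a non-negative integer")
        elif name == "report-uri":
            if not val.startswith("https://"):
                warnings.append("report-uri should be an https:// URL")
            report_uri = val or None
        else:
            warnings.append(f"unknown directive: {name}")
    # Deployment hygiene checks (my own assumptions about a sensible policy).
    if max_age is None:
        warnings.append("max-age missing: browsers will not cache the policy")
    elif max_age == 0:
        warnings.append("max-age=0 clears any cached policy")
    if not enforce and report_uri is None:
        warnings.append("report-only policy without report-uri gives no signal")
    return ExpectCT(enforce, max_age, report_uri, warnings)


# Constructed sample header values, one per rollout stage.
SAMPLES = {
    "report-only": 'max-age=86400, report-uri="https://example.com/ct-report"',
    "enforced": 'enforce, max-age=31536000, report-uri="https://example.com/ct-report"',
    "misconfigured": "enforce, max-age=abc, report-uri=http://example.com/ct-report",
}
```

Run `parse_expect_ct(SAMPLES["misconfigured"])` to see the warnings a broken rollout would produce before it reaches users.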

I'm interested in IETF99, so I have been following the HTTP working group.


Link: click here
