Expect-CT is a new HTTP header that lets a web host instruct user agents (web browsers) to require valid Signed Certificate Timestamps (SCTs) to be served on connections to that host.
It allows sites to report and/or enforce Certificate Transparency requirements, so that a misissued certificate for that site cannot simply go unnoticed. When a site enables the Expect-CT header, it is asking the browser to check that any certificate presented for that site appears in public CT logs.
The Expect-CT header requires very little configuration, with only a few options:
enforce – optional directive. This is the minimum expected to be present. It controls whether the browser should enforce the policy or not.
max-age – optional directive. This is the second thing expected to be present. It specifies the number of seconds for which the browser should cache and apply the received policy; choose max-age according to how long a user should keep using the cached policy.
report-uri – optional directive. Ideally this should point to your own server or to a server run by a trusted party.
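As an added example (not from the original post), here is a small Python checker that parses an Expect-CT header value into the three directives above and flags the weak or mistaken configurations a site operator would want to catch before deploying it. The checks it applies (max-age present and numeric, report-uri over https, enforce taking no value) are this example's own choices.

```python
"""Parse and sanity-check an Expect-CT header value (added example).

Header shape:  Expect-CT: max-age=<seconds>, enforce, report-uri="<url>"
"""
from urllib.parse import urlparse

KNOWN = ("max-age", "enforce", "report-uri")


def parse_expect_ct(value):
    """Split a header value into {directive: value-or-None}; names are case-insensitive."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"') if sep else None
        if name in directives:
            raise ValueError("duplicate directive: %s" % name)
        directives[name] = val
    return directives


def check_expect_ct(value):
    """Return a list of findings for a header value; an empty list means it looks sound."""
    findings = []
    d = parse_expect_ct(value)
    if "max-age" not in d:
        findings.append("max-age missing: browser will not cache the policy")
    elif not (d["max-age"] or "").isdigit():
        findings.append("max-age must be a non-negative integer of seconds")
    elif int(d["max-age"]) == 0:
        findings.append("max-age=0 clears any previously cached policy")
    if "enforce" in d and d["enforce"] is not None:
        findings.append("enforce takes no value")
    if "enforce" not in d:
        findings.append("enforce absent: report-only mode, misissued certs still accepted")
    if "report-uri" in d:
        u = urlparse(d["report-uri"] or "")
        if u.scheme != "https" or not u.netloc:
            findings.append("report-uri should be an absolute https URL")
    for name in d:
        if name not in KNOWN:
            findings.append("unknown directive ignored: %s" % name)
    return findings
```

Running `check_expect_ct` over the header your server actually sends is a quick way to confirm you are in enforce mode rather than report-only mode.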
I'm interested in IETF 99, so I have been following the HTTP working group.