You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The following comes directly from the OWASP Secure Headers Project (as of May 11th, 2023):
Deprecated.
⚠️ Warning: This header will likely become obsolete in June 2021. Since May 2018 new certificates are expected to support SCTs by default. Certificates before March 2018 were allowed to have a lifetime of 39 months, those will all be expired in June 2021.
Note: The Expect-CT is mostly obsolete since June 2021. Since May 2018, all new TLS certificates are expected to support SCTs by default. Certificates issued before March 2018 were allowed to have a lifetime of 39 months, so they had expired in June 2021. Chromium plans to deprecate Expect-CT header and to eventually remove it.
Rather than remove it, perhaps set its default value to disabled.
The text was updated successfully, but these errors were encountered:
10k ft View
The following comes directly from the OWASP Secure Headers Project (as of May 11th, 2023):
source: https://owasp.org/www-project-secure-headers/#expect-ct
The MDN page for Expect-CT goes into this further:
Rather than remove it, perhaps set its default value to disabled.
The text was updated successfully, but these errors were encountered: