Ulrich Berntien edited this page Aug 18, 2020 · 1 revision

TWA-0221

Message

"Expect-CT missing 'enforce' directive"

Explanation

The Expect-CT header is sent from the web server to the web browser in the HTTP response. It activates the web browser's check of the HTTPS certificate against the public CT (Certificate Transparency) log. Currently (August 2020), only some modern web browsers (e.g. Chrome 64, Edge) support the check.

Expect-CT is a field in the header of the HTTP response. Its value is a structured string: a list of one or more directives.

The 'enforce' directive signals the browser to enforce the requirement for Certificate Transparency. If the HTTPS certificate violates the browser's Certificate Transparency (CT) policy, the web browser should abort the connection to the web server and should not display the web page.

Remediation

Include the enforce directive in the Expect-CT header in the web server configuration.
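To confirm the remediation took effect, the response headers can be checked by parsing the directive list instead of searching for the substring "enforce". The following is an added example, not code from the tool that reports TWA-0221; the function names, the status strings other than the TWA-0221 message, and the sample headers are assumptions constructed for illustration.

```python
def split_directives(value):
    """Split a field value on commas that are not inside a quoted string."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_expect_ct(value):
    """Return {directive name in lower case: value, or None if valueless}."""
    directives = {}
    for part in split_directives(value):
        name, sep, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"') if sep else None
    return directives


def check_expect_ct(headers):
    """headers: list of (name, value) pairs taken from an HTTPS response."""
    values = [v for n, v in headers if n.lower() == "expect-ct"]
    if not values:
        return "Expect-CT header not present"
    # Only the first Expect-CT field is evaluated in this sketch.
    if "enforce" not in parse_expect_ct(values[0]):
        return "Expect-CT missing 'enforce' directive"
    return "ok"


# Constructed sample responses (not captured traffic).
# The report-uri contains the text "enforce", which a substring test
# would wrongly accept as the directive.
REPORT_ONLY = [("Expect-CT",
                'max-age=86400, report-uri="https://example.test/report?tag=x,enforce"')]
# Header and directive names are matched case-insensitively.
ENFORCING = [("expect-ct", "max-age=86400, Enforce")]

if __name__ == "__main__":
    for sample in (REPORT_ONLY, ENFORCING, [("Server", "demo")]):
        print(check_expect_ct(sample))
```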

See
