About Expect-CT Header
The Expect-CT header tells the browser to check whether the site is following the Certificate Transparency (CT) guidelines, and to verify that the site is doing what it says. Certificate Transparency was launched by Google as a security initiative to make SSL certificates more secure. It’s been in force since April 2018, as Google threatened to refuse to run websites that did not comply with it. Please note that although CT started as a Google initiative, it isn’t Google-exclusive: it has buy-in from all major tech companies, certificate authorities, and standards organizations.
How does it work?
CT is simply a giant log of all certificates issued by certificate authorities, which the browser uses to verify a site’s certificate when it visits that site. The idea is simple: if the certificate shown by the website is not found in this global log, it’s a counterfeit one and that site cannot be trusted.
Why should you care?
If your website is accessible on Chrome and other Chromium-based browsers today, there’s nothing to worry about, as you’re already CT-compliant. That said, adding the Expect-CT header sets up a proper certificate policy framework for your website and adds to its reputation.
You may check this guide for implementation details.
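A header check of the kind this page is about, as an added example (not this tool's own code): it looks for Expect-CT in a set of response headers and parses the directives defined in RFC 9163 (`max-age`, `enforce`, `report-uri`). The function names and the sample headers are constructed for illustration.

```python
import re

# One directive: a name, optionally "=" plus a token or quoted string, then "," or end.
_DIRECTIVE = re.compile(
    r'\s*([A-Za-z0-9-]+)\s*(?:=\s*("(?:[^"\\]|\\.)*"|[^\s,"]+))?\s*(?:,|$)')

def parse_expect_ct(value):
    """Parse an Expect-CT header value into a policy dict; ValueError if invalid."""
    directives, pos = {}, 0
    while pos < len(value):
        m = _DIRECTIVE.match(value, pos)
        if not m:
            raise ValueError(f"malformed directive at offset {pos}")
        name, raw = m.group(1).lower(), m.group(2)
        if name in directives:
            # A repeated directive makes the whole header invalid.
            raise ValueError(f"duplicate directive: {name}")
        if raw is not None and raw.startswith('"'):
            raw = re.sub(r'\\(.)', r'\1', raw[1:-1])  # strip quotes, unescape
        directives[name] = raw
        pos = m.end()
    max_age = directives.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        raise ValueError("max-age is required and must be a non-negative integer")
    return {
        "max_age": int(max_age),             # seconds the policy is remembered
        "enforce": "enforce" in directives,  # refuse non-compliant connections
        "report_uri": directives.get("report-uri"),  # where failures are reported
    }

def check_expect_ct(headers):
    """Return (found, policy_or_message) for a mapping of response headers."""
    # Header field names are case-insensitive.
    values = [v for k, v in headers.items() if k.lower() == "expect-ct"]
    if not values:
        return False, "Expect-CT header not present"
    try:
        return True, parse_expect_ct(values[0])
    except ValueError as exc:
        return True, f"present but invalid: {exc}"

# Constructed sample response headers (not captured from a real site).
SAMPLE_HEADERS = {
    "Content-Type": "text/html",
    "expect-ct": 'max-age=86400, enforce, report-uri="https://example.com/ct-report"',
}

if __name__ == "__main__":
    print(check_expect_ct(SAMPLE_HEADERS))
```

A header that is present but lacks `max-age`, or repeats a directive, is reported as invalid rather than as a pass, since a browser would ignore it.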