Missing 'Expect-CT' Header (deprecated)

Web App Scanning Plugin ID 98612

Synopsis

Missing 'Expect-CT' Header (deprecated)

Description

The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed. This URL is flagged as a specific example.

The Expect-CT header will likely become obsolete in June 2021. Since May 2018, new certificates have been expected to support SCTs by default. Certificates issued before March 2018 were allowed a lifetime of up to 39 months, so all of them will have expired by June 2021.

Solution

If your certificate already carries SCTs (Signed Certificate Timestamps) by default, the Expect-CT header is not required.

See Also

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expect-CT

Plugin Details

Severity: Info

ID: 98612

Type: remote

Published: 5/29/2019

Updated: 7/24/2023

Scan Template: api, basic, config_audit, full, overview, pci, quick, scan

Reference Information