Expect-CT Extension for HTTP - RFC 9163

Abstract from the document or the project

This document defines a new HTTP header field named "Expect-CT", which allows web host operators to instruct user agents (UAs) to expect valid Signed Certificate Timestamps (SCTs) to be served on connections to these hosts. Expect-CT allows web host operators to discover misconfigurations in their Certificate Transparency (CT) deployments. Further, web host operators can use Expect-CT to ensure that if a UA that supports Expect-CT accepts a misissued certificate, that certificate will be discoverable in Certificate Transparency logs.

Source

https://datatracker.ietf.org/doc/html/rfc9163/

Backlinks for this Standard

Back to standards sorted by title
Back to standards sorted by year
Back to the entry in the list of standards sorted by topic
- HTTP Header
- Security