Expect-CT

Springen zu:
  1. Syntax
  2.  Directives
  3. Example
  4. Specifications
  5. Browser compatibility

Unsere Freiwilligen haben diesen Artikel noch nicht in Deutsch übersetzt. Machen Sie mit und helfen Sie, das zu erledigen!
Sie können den Artikel auch auf English (US) lesen.

The Expect-CT header allows sites to opt in to reporting and/or enforcement of Certificate Transparency requirements, which prevents the use of misissued certificates for that site from going unnoticed.

When a site enables the Expect-CT header, they are requesting that the browser check that any certificate for that site appears in public CT logs.

Header type Response header
Forbidden header name yes

Syntax

Expect-CT: report-uri="<uri>",
           enforce,
           max-age=<age>

 Directives

max-age

Specifies the number of seconds after reception of the Expect-CT header field during which the user agent should regard the host from whom the message was received as a known Expect-CT host.

If a cache receives a value greater than it can represent, or if any of its subsequent calculations overflows, the cache will consider the value to be either 2147483648 (2^31) or the greatest positive integer it can conveniently represent.

report-uri="<uri>" Optional

Specifies the URI to which the user agent should report Expect-CT failures.

When both the enforce directive and the report-uri directive are present, the configuration is referred to as an "enforce-and-report" configuration, signalling to the user agent both that compliance to the Certificate Transparency policy should be enforced and that violations should be reported.

 

enforce Optional

Signals to the user agent that compliance with the Certificate Transparency policy should be enforced (rather than only reporting compliance) and that the user agent should refuse future connections that violate its Certificate Transparency policy.

When both the enforce directive and the report-uri directive are present, the configuration is referred to as an "enforce-and-report" configuration, signalling to the user agent both that compliance to the Certificate Transparency policy should be enforced and that violations should be reported.

Example

The following example specifies enforcement of Certificate Transparency for 24 hours and reports violations to foo.example.

Expect-CT: max-age=86400, enforce, report-uri="https://foo.example/report"

Specifications

Specification Title
Internet Draft Expect-CT Extension for HTTP

Browser compatibility

Update compatibility data on GitHub
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariAndroid webviewChrome for AndroidEdge MobileFirefox for AndroidOpera for AndroidSafari on iOSSamsung Internet
Expect-CTChrome Full support 61Edge ? Firefox ? IE ? Opera Full support 48Safari ? WebView Android No support NoChrome Android Full support 61Edge Mobile ? Firefox Android ? Opera Android Full support 45Safari iOS ? Samsung Internet Android No support No

Legend

Full support  
Full support
No support  
No support
Compatibility unknown  
Compatibility unknown

Schlagwörter des Dokuments und Mitwirkende

Schlagwörter: 
Mitwirkende an dieser Seite: mdnwebdocs-bot, Malvoz, mfuji09, FranklinYu, HTMLValidator, dterei, Canta, fscholz, estark, jpmedley
Zuletzt aktualisiert von: mdnwebdocs-bot,