Deprecated - Expect-CT header

marcus20 · March 17, 2023, 3:07pm

I am currently picking up the following warning from PageSpeed Insights under Best Practices:

The Expect-CT header is deprecated and will be removed. Chrome requires Certificate Transparency for all publicly trusted certificates issued after April 30, 2018.

I have checked through htaccess but nothing there, expect it’s coming from Cloudflare’s SSL certificate for the website.

If anyone knows how to remove this would appreciate your guidance.

ghurley · March 19, 2023, 2:53am

Go to Rules > Transform Rules > Managed Transforms

Then look under “HTTP response headers” and see if “Add security headers” is enabled. This enables Expect-CT. See the attached graphic of what features get enabled.

I’m leaving it enabled for now. I don’t want the other features disabled. Hopefully Cloudflare will update the rule.