Deprecated - Expect-CT header

I am currently picking up the following warning from PageSpeed Insights under Best Practices:

The Expect-CT header is deprecated and will be removed. Chrome requires Certificate Transparency for all publicly trusted certificates issued after April 30, 2018.

I have checked through htaccess but nothing there, expect it’s coming from Cloudflare’s SSL certificate for the website.

If anyone knows how to remove this would appreciate your guidance.

Go to Rules > Transform Rules > Managed Transforms

Then look under “HTTP response headers” and see if “Add security headers” is enabled. This enables Expect-CT. See the attached graphic of what features get enabled.

I’m leaving it enabled for now. I don’t want the other features disabled. Hopefully Cloudflare will update the rule.

1 Like