Modify `expect-ct` header

Hi all,

We’re currently receiving the following HTTP header from cloudflare:
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

… however, a security audit company has recommended we use the enforce flag, and extend the max-age.
i.e.
expect-ct: enforce, max-age=7776000, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

Is this something we can configure in CloudFlare?

(I’ve had a look through the SSL/TLS options and couldn’t find anything.)

Kind regards,
Nick

Since CF issues your certificates, they manage the expect-ct header. You could probably get this changed if you make a support ticket, but it would likely require being an Enterprise customer since there’s no existing system for CF to change this on a per-customer basis.

1 Like