Modify `expect-ct` header

Hi all,

We’re currently receiving the following HTTP header from cloudflare:
expect-ct: max-age=604800, report-uri=""

… however, a security audit company has recommended we use the enforce flag, and extend the max-age.
expect-ct: enforce, max-age=7776000, report-uri=""

Is this something we can configure in CloudFlare?

(I’ve had a look through the SSL/TLS options and couldn’t find anything.)

Kind regards,

Since CF issues your certificates, they manage the expect-ct header. You could probably get this changed if you make a support ticket, but it would likely require being an Enterprise customer since there’s no existing system for CF to change this on a per-customer basis.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.