Expect-CT Header via HTTP
Severity:
Information
Summary
Expect-CT header is sent over HTTP response which should have been sent over HTTPS only. Browser will ignore any Expect-CT header received in an HTTP response.
Impact
Browser will ignore the Expect-CT header and the users will not be able to take advantage of it. This renders the Expect-CT implementation useless. Not having Expect-CT will make use of misissued certificates easier for attackers.
Remediation
Required Skills for Successful Exploitation
Actions To Take
Classifications
Vulnerability Index
You can search and find all vulnerabilities
Select Category
Select Vulnerability
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Build your resistance to threats. And save hundreds of hours each month.
