I've added "Expect-CT" and "Expect-Staple" to my headers using rspadd:


# Mark all cookies as secure if sent over SSL

    rsprep '^Set-Cookie: (.*) Set-Cookie: \1; HttpOnly; Secure' if secure

# Add the HSTS header with a 1 year max-age

    rspadd 'Strict-Transport-Security: max-age=31536000' if secure

# Add additional security headers

    rspadd 'Referrer-Policy: no-referrer-when-downgrade'

    rspadd 'X-Frame-Options: sameorigin'

    rspadd 'X-XSS-Protection: 1; mode=block'

    rspadd 'X-Content-Type-Options: nosniff'

    rspadd 'Expect-CT: max-age=0; report-uri=https://xxx.report-uri.io/r/default/ct/reportOnly'

    rspadd 'Expect-Staple: report-uri=https://xxx.report-uri.io/r/default/staple/reportOnly'

BUT they are not appearing when I use Firefox to view the Headers:

What am I doing wrong?

Norman

Norman Branitsky
Cloud Architect
MicroPact
(o) 416.916.1752
(c) 416.843.0670
(t) 1-888-232-0224 x61752
www.micropact.com
Think it > Track it > Done
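
One way to check which configured response headers actually reach the client, as an added example that is not part of the original message: it parses `rspadd` lines from a config excerpt and compares them with a captured response header block. The sample config, the sample response, the `reports.example` host and the function names are constructed for illustration.

```python
import re

# Constructed sample: rspadd directives in the style of the post (placeholder report host).
SAMPLE_CONFIG = """\
    rspadd 'Strict-Transport-Security: max-age=31536000' if secure
    rspadd 'X-Content-Type-Options: nosniff'
    rspadd 'Expect-CT: max-age=0; report-uri=https://reports.example/ct'
    rspadd 'Expect-Staple: report-uri=https://reports.example/staple'
"""

# Constructed sample: response headers as saved from a client (status line first).
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Content-Type: text/html
strict-transport-security: max-age=31536000
X-Content-Type-Options: nosniff
"""

# rspadd argument: single-quoted, double-quoted, or bare with backslash-escaped spaces.
RSPADD = re.compile(r"""^\s*rspadd\s+(?:'([^']*)'|"([^"]*)"|((?:\\.|\S)+))\s*(.*)$""")

def configured_headers(config_text):
    """Return {lowercased header name: (value, condition)} for each rspadd line."""
    found = {}
    for line in config_text.splitlines():
        m = RSPADD.match(line)
        if not m:
            continue  # comments and other directives are ignored
        single, double, bare, condition = m.groups()
        if single is not None:
            header = single
        elif double is not None:
            header = double
        else:
            header = re.sub(r"\\(.)", r"\1", bare)  # undo "\ " escaping
        name, _, value = header.partition(":")
        found[name.strip().lower()] = (value.strip(), condition.strip())
    return found

def response_headers(raw):
    """Parse a raw header block into {lowercased name: value}; names are case-insensitive."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def missing_headers(config_text, raw_response):
    """List (name, condition) for headers the config adds but the response lacks."""
    seen = response_headers(raw_response)
    return [(n, c) for n, (_, c) in configured_headers(config_text).items() if n not in seen]

if __name__ == "__main__":
    print(missing_headers(SAMPLE_CONFIG, SAMPLE_RESPONSE))
```

A non-empty condition in the result (such as `if secure`) means the header is only added when that ACL matches, which is worth checking before treating it as missing.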