Whonix Wiki Download Docs News Support Tips Issues Contribute DONATE

Expect-CT security header for whonix.org

Currently using:

expect-ct: max-age=604800, report-uri=“https://whonix.report-uri.com/r/d/ct/enforce

enforce Optional

Signals to the user agent that compliance with the Certificate Transparency policy should be enforced (rather than only reporting compliance) and that the user agent should refuse future connections that violate its Certificate Transparency policy.

When both the enforce directive and the report-uri directive are present, the configuration is referred to as an “enforce-and-report” configuration, signalling to the user agent both that compliance to the Certificate Transparency policy should be enforced and that violations should be reported.

Considering to add enforce.

expect-ct: max-age=604800, enforce, report-uri=“https://whonix.report-uri.com/r/d/ct/enforce

1 Like

This was resolved.

Removed report-uri=“https://whonix.report-uri.com/r/d/ct/enforce”.


Now showing:

report-uri x

And the x is orange, not a green arrow indicating a non-perfection.

Reporting to a third party such as report-uri.com can be a privacy issue as mentioned in "whonix.report-uri.com".


  • A) Expect-CT violation reporitng reporting to third party report-uri.com (old option)
  • B) Expect-CT without violation reporting (current option)
  • C) Expect-CT self-hosted reporting (Theoretical option. Open Source software might not exist. Reporting potential TLS issues to source of TLS issues might be conceptually flawed.)
1 Like