You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In contract to headers like Content-Type, Content-Security-Policy, Feature-Policy, Public-Key-Pins, Strict-Transport-Security, etc., the Expect-CT header uses a comma delimiter instead of a semicolon. What's the reason for that?
Commas are used to separate different values. Those other header fields are comprised of a single value (with multiple parts). Expect-CT, like Cache-Control, includes multiple separate directives.
You could also say that Expect-CT fails to replicate the mistakes of those other header fields, but some of those - like CSP - are explicitly designed to have a single directive.
In contract to headers like
Content-Type
,Content-Security-Policy
,Feature-Policy
,Public-Key-Pins
,Strict-Transport-Security
, etc., theExpect-CT
header uses a comma delimiter instead of a semicolon. What's the reason for that?The text was updated successfully, but these errors were encountered: