Expect-CT Header Middleware

library 1.0.0 ·javascript deprecated

✓ verified May 27, 2026

auth-security web-framework http-networking

The `expect-ct` package provides Express middleware for setting the deprecated Expect-CT HTTP response header. This header was designed to enforce Certificate Transparency (CT) requirements by instructing browsers to expect valid Signed Certificate Timestamps (SCTs) for a website's TLS certificates. However, the Expect-CT header itself has been deprecated by major browsers (e.g., Chrome removed support in version 107 in October 2022) as Certificate Transparency is now a baseline requirement enforced by default across all publicly trusted certificates. As such, this middleware, currently at version 1.0.0 (though `1.0.1` is on npm, published 3 years ago), offers minimal practical security benefit for modern web applications. The Helmet.js project, which originally included this functionality, removed `expect-ct` from its default middlewares in Helmet v5 due to its obsolescence.

Traffic · last 30 days ↓71% vs prev 7d · indexed Wed Apr 22 · updated Sat Jun 06

total hits 13

actors 5 distinct systems

last hit 1d ago human

MetaBot

GPTBot

Script

Search engines

Humans

top countries 🇺🇸 United States · 🇨🇦 Canada · 🇫🇷 France · 🇮🇳 India · 🇩🇪 Germany

Resources

githubgithub.com/helmetjs/helmet ↗

packagewww.npmjs.com/package/expect-ct ↗

homepagehelmetjs.github.io/ ↗

API endpoints

full doc /v1/registry/expect-ct

install /v1/registry/expect-ct/install

compatibility /v1/registry/expect-ct/compatibility