Spring Security Expect-CT Header Support

Summary

Support Expect-CT Header

https://datatracker.ietf.org/doc/draft-stark-expect-ct/?include_text=1 https://scotthelme.co.uk/a-new-security-header-expect-ct/ https://scotthelme.co.uk/certificate-transparency-an-introduction/

Comment From: jzheaux

Note that Public-Key-Pins is deprecated in favor of Expect-CT.

Comment From: marcusdacoregio

Should we still consider adding this header? OWASP has deprecated it.

Comment From: marcusdacoregio

Closing this because OWASP has deprecated it. https://owasp.org/www-project-secure-headers/#expect-ct