+Header always set Strict-Transport-Security "<%= node[:ssl][:strict_transport_security] %>" "expr=%{HTTPS} == 'on'"
+<% if node[:ssl][:ct_report_uri] -%>
+Header always set Expect-CT "max-age=0, report-uri=\"<%= node[:ssl][:ct_report_uri] %>\"" "expr=%{HTTPS} == 'on'"
+<% else -%>
+Header always set Expect-CT "max-age=0" "expr=%{HTTPS} == 'on'"