HPKP
HTTP Public Key Pinning (HPKP) is a security mechanism defined for HTTP responses that allows a website to declare which public keys are authorized to sign its TLS certificates. By publishing pins, a site can reduce the risk of misissued or compromised certificates being trusted for that site.
HPKP works by having the server send an HTTP header, Public-Key-Pins (and a report-only variant, Public-Key-Pins-Report-Only)
Deployment requires careful planning. Operators typically pin multiple keys (including a current and a backup key)
Status and legacy: HPKP saw limited adoption and, due to its operational risk, has been deprecated by