HPKPs
HPKPs (HTTP Public Key Pins) refer to a mechanism in which a web server declares which public keys are trusted for a given host by sending pins in the Public-Key-Pins HTTP header. Each pin is the base64-encoded SHA-256 hash of the SPKI (Subject Public Key Info) of one of the server's legitimate certificates (or of a CA key in its chain). By publishing pins, a site attempts to reduce the risk of man-in-the-middle attacks that rely on compromised or misissued certificates from otherwise trusted CAs.
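As an added example (not code from the original page or from any browser or server project), the following Python, standard library only, computes a pin exactly as described above (base64 of the SHA-256 of the DER-encoded SubjectPublicKeyInfo), builds and parses a Public-Key-Pins header, and runs the two checks RFC 7469 makes a user agent apply before it notes pins for a host: at least one pin must match a key in the served chain, and at least one backup pin must not. The keys are constructed placeholder bytes wrapped in a hand-built Ed25519 SPKI prefix so the example runs offline; the key type is an assumption chosen for its fixed-size DER encoding, and for a real RSA or ECDSA certificate you would extract the actual SPKI DER with openssl instead. The helper names and the report URI are mine.

```python
import base64
import hashlib

# Constructed example keys (NOT real keys): 32 raw Ed25519 public-key bytes each.
LEAF_KEY = bytes(range(32))
BACKUP_KEY = bytes(range(32, 64))

# DER prefix of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
# SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING (0 unused bits) }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")


def ed25519_spki_der(raw_public_key: bytes) -> bytes:
    """Wrap a 32-byte Ed25519 key in its DER SubjectPublicKeyInfo encoding."""
    if len(raw_public_key) != 32:
        raise ValueError("Ed25519 public key must be exactly 32 bytes")
    return ED25519_SPKI_PREFIX + raw_public_key


def spki_pin(spki_der: bytes) -> str:
    """HPKP pin value: base64(SHA-256(DER SubjectPublicKeyInfo)), per RFC 7469."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_pkp_header(pins, max_age, include_subdomains=False, report_uri=None) -> str:
    """Serialise the directives into a Public-Key-Pins header value."""
    parts = [f'pin-sha256="{p}"' for p in pins]
    parts.append(f"max-age={int(max_age)}")
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append(f'report-uri="{report_uri}"')
    return "; ".join(parts)


def parse_pkp_header(value: str) -> dict:
    """Parse a Public-Key-Pins header value; directive names are case-insensitive."""
    result = {"pins": [], "max_age": None, "include_subdomains": False, "report_uri": None}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        # Split on the first '=' only: base64 pins themselves end in '=' padding.
        name, _, raw = directive.partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name == "pin-sha256":
            result["pins"].append(raw)
        elif name == "max-age":
            result["max_age"] = int(raw)
        elif name == "includesubdomains":
            result["include_subdomains"] = True
        elif name == "report-uri":
            result["report_uri"] = raw
    return result


def check_deployment(header: dict, served_chain_spkis) -> list:
    """Pre-deployment checks mirroring what RFC 7469 requires before a UA notes pins.

    Returns a list of problem strings; an empty list means the header is deployable.
    """
    problems = []
    pins = set(header["pins"])
    chain_pins = {spki_pin(der) for der in served_chain_spkis}
    for p in sorted(pins):
        try:
            digest = base64.b64decode(p, validate=True)  # binascii.Error is a ValueError
        except ValueError:
            digest = b""
        if len(digest) != 32:
            problems.append(f"malformed pin (not a base64 SHA-256): {p!r}")
    if header["max_age"] is None:
        problems.append("max-age directive is missing")
    if not pins & chain_pins:
        problems.append("no pin matches a key in the served chain; UAs would ignore the header")
    if not pins - chain_pins:
        problems.append("no backup pin outside the served chain; losing the key would lock clients out")
    return problems


if __name__ == "__main__":
    leaf = ed25519_spki_der(LEAF_KEY)
    backup = ed25519_spki_der(BACKUP_KEY)
    good = build_pkp_header([spki_pin(leaf), spki_pin(backup)], 5184000, True,
                            "https://report.example/hpkp")
    print(good)
    print("good header problems:", check_deployment(parse_pkp_header(good), [leaf]))
    bad = build_pkp_header([spki_pin(leaf)], 5184000)
    print("bad header problems:", check_deployment(parse_pkp_header(bad), [leaf]))
```

The backup-pin check is the one that matters operationally: a header whose only pins are the keys currently being served passes every syntactic check yet leaves no way to rotate keys without locking out every client that has already noted the pins for the duration of max-age.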
The core components of HPKP are the pin values themselves and a set of directives. The Public-Key-Pins
Deployment considerations are critical. Misconfigurations can lock users out of a site if pins are lost or
Today, HPKP is largely deprecated and unsupported by major browsers. The standard RFC 7469 remains part of