HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an HTTP header that pins one or more of the public keys present in the site's certificate chain. It has very low adoption, and although it provides security against certificate misissuance, it also creates risks of denial of service and hostile pinning. See https://groups.google.com/a/chromium.org/d/msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ for details.
Specification
Status in Chromium
Removed (tracking bug) in:
- Chrome for desktop release 72
- Chrome for Android release 72
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- No signal
- No signal
- No signal
- Mixed signals
Owners
Last updated on 2020-11-09