HTTP-Based Public Key Pinning (HPKP) was intended to allow websites to send an HTTP header that pins one or more of the public keys present in the site's certificate chain. It has very low adoption, and although it provides security against certificate misissuance, it also creates risks of denial of service and hostile pinning. See https://groups.google.com/a/chromium.org/d/msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ for details.
Specification
Final published standard: Recommendation, Living Standard, Candidate Recommendation, or similar final form
Status in Chromium
Removed
(tracking bug)
Consensus & Standardization
After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.
- No signal
- No signal
- No signal
- Mixed signals
Owners
Last updated on 2021-03-21