Revision 1145410 of Public-Key-Pins

  • Revision slug: Web/HTTP/Headers/Public-Key-Pins
  • Revision title: Public-Key-Pins
  • Revision id: 1145410
  • Created:
  • Creator: fscholz
  • Is current revision? No
  • Comment: first draft – bug 787133

Revision Content

{{HTTPSidebar}}

The HTTP Public-Key-Pins response header associates a specific cryptographic public key with a certain web server to prevent {{Glossary("MITM")}} attacks with forged certificates.

Header type: {{Glossary("Response header")}}
{{Glossary("Forbidden header name")}}: no

Syntax

Public-Key-Pins: pin-sha256="<pin-value>"; 
                 max-age=<expire-time>; 
                 includeSubDomains; 
                 report-uri="<uri>"

Directives

pin-sha256="<pin-value>"
One or more pins. Each value is the Base64-encoded SHA-256 hash of the DER-encoded Subject Public Key Info of a key in the server's certificate chain (or of a backup key).
max-age=<expire-time> {{optional_inline}}
The time, in seconds, that the browser should remember that this host is to be accessed only using one of the pinned keys.
includeSubDomains {{optional_inline}}
If this optional parameter is specified, the rule applies to all of the site's subdomains as well.
report-uri="<uri>" {{optional_inline}}
If this optional parameter is specified, pin validation failures are reported to the given URL.

Examples

tbd
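As an added example (not part of this MDN revision, and not code from RFC 7469), the following Python parses and emits a Public-Key-Pins header value and computes pin-sha256 values the way RFC 7469 defines them: the pin is the Base64 encoding of the SHA-256 hash of the DER-encoded SubjectPublicKeyInfo, so a renewed certificate that reuses the same key pair keeps the same pin. The SPKI byte strings and the report URL are constructed placeholders. The parser requires max-age and at least two distinct pins, because RFC 7469 makes max-age mandatory and requires a backup pin; chain_matches_pins shows the validation step that stops a forged chain: a certificate whose key is not pinned fails even if a trusted CA signed it.

```python
import base64
import hashlib
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class PkpPolicy:
    """One parsed Public-Key-Pins policy."""
    pins: List[str]                  # Base64 SHA-256 fingerprints of SPKI DER
    max_age: int                     # seconds the browser should remember the pins
    include_subdomains: bool = False
    report_uri: Optional[str] = None


def spki_pin_sha256(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(DER-encoded SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def pin_is_well_formed(pin: str) -> bool:
    """A pin-sha256 value must be standard Base64 of exactly 32 bytes."""
    try:
        return len(base64.b64decode(pin, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


# directive-name [ "=" ( quoted-string | token ) ] followed by ";" or end of value
_DIRECTIVE = re.compile(r'\s*([A-Za-z0-9-]+)\s*(?:=\s*(?:"([^"]*)"|([^;"\s]+)))?\s*(?:;|$)')


def parse_public_key_pins(header_value: str) -> PkpPolicy:
    """Parse a Public-Key-Pins header value; raises ValueError on an unusable policy."""
    pins: List[str] = []
    max_age: Optional[int] = None
    include_subdomains = False
    report_uri: Optional[str] = None

    header_value = header_value.strip()
    pos = 0
    while pos < len(header_value):
        m = _DIRECTIVE.match(header_value, pos)
        if not m:
            raise ValueError(f"malformed directive near {header_value[pos:pos + 20]!r}")
        pos = m.end()
        name = m.group(1).lower()
        value = m.group(2) if m.group(2) is not None else m.group(3)
        if name == "pin-sha256":
            if value is None or not pin_is_well_formed(value):
                raise ValueError(f"bad pin-sha256 value: {value!r}")
            pins.append(value)
        elif name == "max-age":
            if max_age is not None:
                raise ValueError("max-age must appear only once")
            if value is None or not value.isdigit():
                raise ValueError(f"max-age must be a non-negative integer: {value!r}")
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "report-uri":
            if value is None:
                raise ValueError("report-uri needs a value")
            report_uri = value
        # Unrecognised directives are ignored so the header can be extended later.

    if max_age is None:
        raise ValueError("max-age is required")
    if len(set(pins)) < 2:
        # RFC 7469 requires a backup pin (a pinned key not in the served chain),
        # so a policy with fewer than two distinct pins cannot be honoured.
        raise ValueError("at least two distinct pins are required (one must be a backup)")
    return PkpPolicy(pins, max_age, include_subdomains, report_uri)


def format_public_key_pins(policy: PkpPolicy) -> str:
    """Serialise a policy back into a header value."""
    parts = [f'pin-sha256="{p}"' for p in policy.pins]
    parts.append(f"max-age={policy.max_age}")
    if policy.include_subdomains:
        parts.append("includeSubDomains")
    if policy.report_uri:
        parts.append(f'report-uri="{policy.report_uri}"')
    return "; ".join(parts)


def chain_matches_pins(policy: PkpPolicy, chain_spki_ders: List[bytes]) -> bool:
    """Pin validation: pass if any SPKI in the validated chain matches a noted pin.
    A chain built from keys the site never pinned fails here regardless of who signed it."""
    return any(spki_pin_sha256(spki) in policy.pins for spki in chain_spki_ders)


# Constructed placeholder SPKI blobs (not real keys); the pins derived from them
# are well formed by construction, whatever the bytes are.
SAMPLE_SPKI_CURRENT = b"constructed SPKI DER for the key in use"
SAMPLE_SPKI_BACKUP = b"constructed SPKI DER for the offline backup key"
SAMPLE_PIN_CURRENT = spki_pin_sha256(SAMPLE_SPKI_CURRENT)
SAMPLE_PIN_BACKUP = spki_pin_sha256(SAMPLE_SPKI_BACKUP)

# Constructed header value; the report URL is a placeholder.
SAMPLE_HEADER = (
    f'pin-sha256="{SAMPLE_PIN_CURRENT}"; pin-sha256="{SAMPLE_PIN_BACKUP}"; '
    'max-age=5184000; includeSubDomains; report-uri="https://www.example.org/hpkp-report"'
)

if __name__ == "__main__":
    policy = parse_public_key_pins(SAMPLE_HEADER)
    print(policy)
    print("genuine chain accepted:", chain_matches_pins(policy, [SAMPLE_SPKI_CURRENT]))
    print("unpinned chain accepted:", chain_matches_pins(policy, [b"some other key"]))
```

The backup-pin rule is the operational point: a site that pins only the key in use and then loses or rotates that key locks its own users out until max-age expires. Major browsers have since removed support for this header, so the code above is for understanding how pin validation works rather than for deployment.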

Specifications

Specification: {{RFC("7469", "Public-Key-Pins", "2.1")}}
Title: Public Key Pinning Extension for HTTP

Browser compatibility

{{Compat("http/headers/public-key-pins")}}

See also

  • {{HTTPHeader("Public-Key-Pins-Report-Only")}}

Revision Source

<div>{{HTTPSidebar}}</div>

<p>The HTTP <code><strong>Public-Key-Pins</strong></code> response header associates a specific cryptographic public key with a certain web server to prevent {{Glossary("MITM")}} attacks with forged certificates.</p>

<table class="properties">
 <tbody>
  <tr>
   <th scope="row">Header type</th>
   <td>{{Glossary("Response header")}}</td>
  </tr>
  <tr>
   <th scope="row">{{Glossary("Forbidden header name")}}</th>
   <td>no</td>
  </tr>
 </tbody>
</table>

<h2 id="Syntax">Syntax</h2>

<pre class="syntaxbox">
Public-Key-Pins: pin-sha256="&lt;pin-value&gt;"; 
                 max-age=&lt;expire-time&gt;; 
                 includeSubDomains; 
                 report-uri="&lt;uri&gt;"</pre>

<h2>Directives</h2>

<dl>
 <dt><code>pin-sha256="&lt;pin-value&gt;"</code></dt>
 <dd>One or more pins. Each value is the Base64-encoded SHA-256 hash of the DER-encoded Subject Public Key Info of a key in the server's certificate chain (or of a backup key).</dd>
 <dt><code>max-age=&lt;expire-time&gt;</code> {{optional_inline}}</dt>
 <dd>The time, in seconds, that the browser should remember that this host is to be accessed only using one of the pinned keys.</dd>
 <dt><code>includeSubDomains</code> {{optional_inline}}</dt>
 <dd>If this optional parameter is specified, the rule applies to all of the site's subdomains as well.</dd>
 <dt><code>report-uri="&lt;uri&gt;"</code> {{optional_inline}}</dt>
 <dd>If this optional parameter is specified, pin validation failures are reported to the given URL.</dd>
</dl>

<h2 id="Examples">Examples</h2>

<p>tbd</p>

<h2 id="Specifications">Specifications</h2>

<table class="standard-table">
 <tbody>
  <tr>
   <th scope="col">Specification</th>
   <th scope="col">Title</th>
  </tr>
  <tr>
   <td>{{RFC("7469", "Public-Key-Pins", "2.1")}}</td>
   <td>Public Key Pinning Extension for HTTP</td>
  </tr>
 </tbody>
</table>

<h2 id="Browser_compatibility">Browser compatibility</h2>

<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>

<p>{{Compat("http/headers/public-key-pins")}}</p>

<h2 id="See_also">See also</h2>

<ul>
 <li>{{HTTPHeader("Public-Key-Pins-Report-Only")}}</li>
</ul>