{{HTTPSidebar}}
The HTTP Public-Key-Pins response header associates a specific cryptographic public key with a certain web server to prevent {{Glossary("MITM")}} attacks with forged certificates.
Header type | {{Glossary("Response header")}} |
---|---|
{{Glossary("Forbidden header name")}} | no |
Syntax
Public-Key-Pins: pin-sha256="<pin-value>"; max-age=<expire-time>; includeSubDomains; report-uri="<uri>"
Directives
pin-sha256="<pin-value>"
- One or more pins.
max-age=<expire-time> {{optional_inline}}
- tbd
includeSubDomains {{optional_inline}}
- tbd
report-uri="<uri>" {{optional_inline}}
- tbd
Examples
tbd
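The following Python parser for the syntax shown above is an added example, not part of the original page or of any browser's code. It assumes, per RFC 7469, that a pin value is the base64 encoding of the SHA-256 digest of the key's DER SubjectPublicKeyInfo (so every pin must decode to 32 bytes); the names `make_pin`, `parse_pkp` and `SAMPLE` and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# directive-name, optionally followed by "=" and a token or quoted-string.
_DIRECTIVE = re.compile(r'([A-Za-z0-9-]+)\s*(?:=\s*(?:"([^"]*)"|([^;\s"]+)))?\s*')

def make_pin(spki_der: bytes) -> str:
    """base64(SHA-256(DER SubjectPublicKeyInfo)), the pin format of RFC 7469."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")

def parse_pkp(value: str) -> dict:
    """Parse a Public-Key-Pins value; raise ValueError when it is malformed."""
    policy = {"pins": [], "max_age": None,
              "include_subdomains": False, "report_uri": None}
    seen, pos = set(), 0
    while pos < len(value):
        if value[pos] in "; \t":            # separators and empty directives
            pos += 1
            continue
        m = _DIRECTIVE.match(value, pos)
        if m is None or (m.end() < len(value) and value[m.end()] != ";"):
            raise ValueError(f"malformed directive at offset {pos}")
        pos = m.end()
        name = m.group(1).lower()           # directive names are case-insensitive
        arg = m.group(2) if m.group(2) is not None else m.group(3)
        if name != "pin-sha256" and name in seen:
            raise ValueError(f"duplicate directive: {name}")  # RFC 7469, 2.1
        seen.add(name)
        if name == "pin-sha256":            # a SHA-256 digest is 32 bytes
            if arg is None or len(base64.b64decode(arg, validate=True)) != 32:
                raise ValueError("pin-sha256 is not a base64 SHA-256 digest")
            policy["pins"].append(arg)
        elif name == "max-age":
            if arg is None or not re.fullmatch(r"[0-9]+", arg):
                raise ValueError("max-age must be a non-negative integer")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "report-uri":
            if not arg:
                raise ValueError("report-uri needs a URI")
            policy["report_uri"] = arg
        # Unknown directives are ignored.
    if not policy["pins"]:
        raise ValueError("at least one pin-sha256 directive is required")
    return policy

SAMPLE = 'pin-sha256="%s"; max-age=5184000; includeSubDomains' % make_pin(b"constructed SPKI stand-in")
```

Because quoted values are scanned rather than split on `;`, a `report-uri` that itself contains a semicolon is kept intact.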
Specifications
Specification | Title |
---|---|
{{RFC("7469", "Public-Key-Pins", "2.1")}} | Public Key Pinning Extension for HTTP |
Browser compatibility
{{Compat("http/headers/public-key-pins")}}
See also
- {{HTTPHeader("Public-Key-Pins-Report-Only")}}