What is HTTP Public Key Pinning and when to use it?

VietMX Staff asked 3 years ago

HTTP Public Key Pinning (HPKP) instructs a user agent to bind a site to a specific root certificate authority, intermediate certificate authority, or end-entity public key. This prevents certificate authorities from issuing unauthorized certificates for a given domain that would nevertheless be trusted by the browsers.

Maximum risk sites must enable the use of HTTP Public Key Pinning (HPKP).