HTTP Public Key Pinning, or HPKP, has sure had an interesting journey as a standard but today marks what will probably be the final blow for the dying mechanism. Chrome has announced their plans to deprecate and remove support for HPKP as soon as 29th May 2018. What is HPKP?…
Tag: HPKP
Total 23 Posts
I recently wrote about how I'm giving up on HPKP and as part of that blog post I suggested I may change the grading criteria on securityheaders.io. After listening to all of the feedback I received as a result of that post, I'm now announcing some changes to the…
It's time for the 5th instalment of my Alexa Top 1 Million scan and this time around there's another new metric in the data. Previous Crawls I've done 4 previous crawls before now and they were Aug 2015, Feb 2016, Aug 2016 and Feb 2017. I'm also publishing my daily…
HTTP Public Key Pinning is a very powerful standard that allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. Whilst HPKP can offer a lot of protection, it can also cause a lot of harm too.…
We have quite a few security features at our disposal to help us better protect our websites and our visitors. I talk about them a lot on my blog and a few of them, mainly security headers, get a lot of coverage. Is it possible to use these security features…
