Public-Key-Pins

HTTP response header

The HTTP Public-Key-Pins response header associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. If one or several keys are pinned and none of them are used by the server, the browser will not accept the response as legitimate and will not display it.

Header usage statistics

Public-Key-Pins response header information and usage statistics.
Websites using header Public-Key-Pins: 12,199
Percentage of websites that use Public-Key-Pins header: <0.1%
Total discovered header values: 2,179
Header uses directives: Yes
Header values are unique or random: No
Most popular in the country: United States

Public-Key-Pins directives (4 total)

  • includesubdomains
  • max-age
  • pin-sha256
  • report-uri

Public-Key-Pins Directives

Public-Key-Pins directives value information and usage statistics
| Directive | Share | Websites count | Unique Values |
|---|---|---|---|
| pin-sha256 | 88.55% | 10,802 | 121 |
| max-age | 87.92% | 10,725 | 26 |
| includesubdomains | 78.57% | 9,585 | 24 |
| report-uri | 5.83% | 711 | 13 |

Websites utilizing Public-Key-Pins

List of websites that use Public-Key-Pins header
| Domain | Country | Rank |
|---|---|---|
| validator.w3.org | United States | 265 |
| barnesandnoble.com | United States | 1,129 |
| bip.gov.pl | Poland | 3,390 |
| gsa.gov | United States | 4,641 |
| codeproject.com | Canada | 6,896 |
| comptia.org | United States | 10,017 |

Common header values

List of top common Public-Key-Pins header values
| Header value | Value prevalence |
|---|---|
| pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains | 13.85% |
| pin-sha256="X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg=" max-age=15552000; includeSubDomains | 9.67% |
| : pin-sha256="wGeuZWpwDHgQqGjow+N/PhsxUeTq+cS694SDmD0MVtA="; max-age=31536000; includeSubDomains | 6.84% |
| pin-sha256='X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg='; pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec='; pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubdomains; max-age=2592000 | 5.89% |
| pin-sha256="wGeuZWpwDHgQqGjow+N/PhsxUeTq+cS694SDmD0MVtA="; max-age=31536000; includeSubDomains | 4.92% |
| pin-sha256="<Subject Public Key Information (SPKI)>"; max-age=2592000; includeSubDomains | 4.11% |
| : pin-sha256="nC/WIfAk/MVYCA+pbEP5A5F70YopIaoLs+mo1oMtcUo="; max-age=31536000; includeSubDomains | 1.99% |
| pin-sha256=""; pin-sha256=""; max-age=31536000 | 1.95% |
| pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains | 1.81% |
| : pin-sha256="MtD92Za9TDpnj22uC18D8UriJamZTZdLacfiErn3mTo="; max-age=31536000; includeSubDomains | 1.11% |
| pin-sha256='X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg='; | 0.98% |
| pin-sha256="base64+info1="; max-age=31536000 | 0.91% |
| pin-sha256="S1CQF4bfrfu+0NZpDAVgczOJu73tqMTakCcdDM6il1E="; pin-sha256="7V0k+NyeVRIXOmD+zCJpX6nsXdAFjX0MsIACD/NeTQg="; max-age=2592000; includeSubDomains | 0.83% |
| pin-sha256="aR6DUqN8qK4HQGhBpcDLVnkRAvOHH1behpQUU1Xl7fE="; max-age=2592000; includeSubDomains | 0.75% |
| pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="diGVwiVYbubAI3RW4hB9xU8e/CH2GnkuvVFZE8zmgzI="; max-age=5184000; includeSubDomains | 0.70% |
| pin-sha256="jDNPIoQdviZhELycQEXvXmBzJFLLM13xUlT8Jamgc0U="; pin-sha256="KVhT/NkSwnjmxDOvcy6MKwG9ak5RAgxEOV0QQBT94Bo="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; report-uri="https:/ | 0.53% |
| pin-sha256="pin1"; pin-sha256="pin2"; max-age=2592000 | 0.53% |
| pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains | 0.48% |
| pin-sha256="PQfjTZ6Zwh1l5TpMkjOF85NBLH05yCD0Q4U6IuH17x0="; pin-sha256="vJ6JGRfCsYINcfiUwxxg4vmkhmQOTi3jksgxCavebo8="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; includeSubDomains; max-age=51840000; | 0.42% |
| pin-sha256="4a6cPehI7OG6cuDZka5NDZ7FR8a60d3auda+sKfg4Ng=";pin-sha256="Zf/Ukxbl9z2WLfmehiHNZckHd2chX9T8TWT4vZUPv3I="; pin-sha256="Slt48iBVTjuRQJTjbzopminRrHSGtndY0/sj0lFf9Qk="; pin-sha256="X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg="; pin-sha256="h6801m+z | 0.42% |