Public-Key-Pins directives (4 total)
- includesubdomains
- max-age
- pin-sha256
- report-uri
Public-Key-Pins
HTTP response headerThe HTTP Public-Key-Pins response header associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. If one or several keys are pinned and none of them are used by the server the browser will not accept the response as legitimate and will not display it.
Header usage statistics
Public-Key-Pins response header information and usage statistics.| Websites using header Public-Key-Pins | 10,989 |
| Percentage of websites that use Public-Key-Pins header | less than 0.1% |
| Total discovered header values | 1,939 |
| Header uses directives | Yes |
| Header values are unique or random | No |
| Most popular in the country |  United States |
Public-Key-Pins Directives
Public-Key-Pins directives value information and usage statistics| Directive | Share | Websites count | Unique Values |
|---|---|---|---|
| pin-sha256 | 88.39% | 9,713 | 113 |
| max-age | 86.34% | 9,488 | 25 |
| includesubdomains | 80.58% | 8,855 | 22 |
| report-uri | 5.17% | 568 | 11 |
Websites utilizing Public-Key-Pins
List of websites that use Public-Key-Pins header| Domain | Country | Rank | Contacts |
|---|---|---|---|
| United States | 265 | ||
| United States | 1,129 | ||
| United States | 4,641 | ||
 Russia | 6,155 | ||
| United States | 6,896 | ||
| United States | 15,565 |
Common header values
List of top common Public-Key-Pins header values| Header value | Value prevalence |
|---|---|
| pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains | 14% |
| pin-sha256="X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg=" max-age=15552000; includeSubDomains | 10% |
| : pin-sha256="wGeuZWpwDHgQqGjow+N/PhsxUeTq+cS694SDmD0MVtA="; max-age=31536000; includeSubDomains | 6% |
| pin-sha256='X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg='; pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec='; pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubdomains; max-age=2592000 | 6% |
| pin-sha256="wGeuZWpwDHgQqGjow+N/PhsxUeTq+cS694SDmD0MVtA="; max-age=31536000; includeSubDomains | 4% |
| pin-sha256="<Subject Public Key Information (SPKI)>"; max-age=2592000; includeSubDomains | 3% |
| : pin-sha256="nC/WIfAk/MVYCA+pbEP5A5F70YopIaoLs+mo1oMtcUo="; max-age=31536000; includeSubDomains | 1% |
| pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains | 1% |
| : pin-sha256="MtD92Za9TDpnj22uC18D8UriJamZTZdLacfiErn3mTo="; max-age=31536000; includeSubDomains | 1% |
| pin-sha256='X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg='; | 1% |
| pin-sha256="base64+info1="; max-age=31536000 | 0% |
| pin-sha256=""; pin-sha256=""; max-age=31536000 | 0% |
| pin-sha256="S1CQF4bfrfu+0NZpDAVgczOJu73tqMTakCcdDM6il1E="; pin-sha256="7V0k+NyeVRIXOmD+zCJpX6nsXdAFjX0MsIACD/NeTQg="; max-age=2592000; includeSubDomains | 0% |
| pin-sha256="aR6DUqN8qK4HQGhBpcDLVnkRAvOHH1behpQUU1Xl7fE="; max-age=2592000; includeSubDomains | 0% |
| pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="diGVwiVYbubAI3RW4hB9xU8e/CH2GnkuvVFZE8zmgzI="; max-age=5184000; includeSubDomains | 0% |
| pin-sha256="nC/WIfAk/MVYCA+pbEP5A5F70YopIaoLs+mo1oMtcUo="; max-age=31536000; includeSubDomains | 0% |
| pin-sha256="jDNPIoQdviZhELycQEXvXmBzJFLLM13xUlT8Jamgc0U="; pin-sha256="KVhT/NkSwnjmxDOvcy6MKwG9ak5RAgxEOV0QQBT94Bo="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; report-uri="https:/ | 0% |
| pin-sha256="nQPXamGeO1QhgyL4G/h0MO2/GmWgDTPYayL81ZL37Qg="; max-age=5184000; includeSubDomains | 0% |
| pin-sha256=\"base64+primary==\", max-age=5184000, includeSubDomains | 0% |
| pin-sha256="j/H1D8mgIXJSk/GrC91f0QgTogYfBDTYC7qYKE58D/A="; max-age=31536000; includeSubDomains | 0% |