Public-Key-Pins

HTTP response header

The HTTP Public-Key-Pins response header associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. If one or several keys are pinned and none of them are used by the server the browser will not accept the response as legitimate and will not display it.

Header usage statistics

Public-Key-Pins response header information and usage statistics.

Websites using header Public-Key-Pins 18,209
Percentage of websites that use Public-Key-Pins header <0.1%
Total discovered header values 3,466
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

Public-Key-Pins Directives (4 total)

  • includesubdomains
  • max-age
  • pin-sha256
  • report-uri

Public-Key-Pins Directives

Public-Key-Pins directives value information and usage statistics

Directive Share Websites count Unique Values
pin-sha256 98.76% 17,983 542
max-age 87.62% 15,954 70
includesubdomains 73.44% 13,372 70
report-uri 6.96% 1,268 72

Distribution by websites popularity

Public-Key-Pins detection in the top websites by popularity

Top 10k sites 13 websites
Top 100k sites 113 websites
Top 1m sites 796 websites

Websites utilizing Public-Key-Pins

List of websites that use Public-Key-Pins header

Domain Country Rank Contacts
validator.w3.org United States of America 265
jigsaw.w3.org United States of America 455
addons.mozilla.org United States of America 779
www.barnesandnoble.com United States of America 1,129
www.fcc.gov United States of America 2,133
heart.org United States of America 2,837
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common Public-Key-Pins header values

Header value Value prevalence
pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains 12.64%
pin-sha256="X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg=" max-age=15552000; includeSubDomains 10.96%
pin-sha256='X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg='; pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec='; pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubdomains; max-age=2592000 4.94%
pin-sha256="<Subject Public Key Information (SPKI)>"; max-age=2592000; includeSubDomains 4.83%
pin-sha256=""; pin-sha256=""; max-age=31536000 2.53%
pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains 2.00%
pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains 1.78%
pin-sha256='base64+primary=='; pin-sha256='base64+backup=='; max-age=5184000; includeSubDomains 1.49%
pin-sha256=”SPKI_digest#1“; pin-sha256=”SPKI_digest#2“; max-age=31536000 1.24%
pin-sha256="base64+info1="; max-age=31536000 1.18%
pin-sha256="S1CQF4bfrfu+0NZpDAVgczOJu73tqMTakCcdDM6il1E="; pin-sha256="7V0k+NyeVRIXOmD+zCJpX6nsXdAFjX0MsIACD/NeTQg="; max-age=2592000; includeSubDomains 0.78%
pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; max-age=5184000; includeSubDomains 0.76%
pin-sha256="aR6DUqN8qK4HQGhBpcDLVnkRAvOHH1behpQUU1Xl7fE="; max-age=2592000; includeSubDomains 0.62%
pin-sha256="Slt48iBVTjuRQJTjbzopminRrHSGtndY0/sj0lFf9Qk="; pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; max-age=60; includeSubDomains 0.61%
max-age=2592000;pin-sha256="GRAH5Ex+kB4cCQi5gMU82urf+6kEgbVtzfCSkw55AGk=";pin-sha256="Dh46PQn5HIpXCusEb8G7YJsLzBSGAzNjgvsxeShjlv8=" 0.57%
pin-sha256="pin1"; pin-sha256="pin2"; max-age=2592000 0.50%
pin-sha256=base64+primary==; pin-sha256=base64+backup==; max-age=5184000; includeSubDomains 0.49%
pin-sha256=\"\"; pin-sha256=\"\"; max-age=31536000 0.47%
pin-sha256="nQPXamGeO1QhgyL4G/h0MO2/GmWgDTPYayL81ZL37Qg="; max-age=5184000; includeSubDomains 0.43%
pin-sha256="jDNPIoQdviZhELycQEXvXmBzJFLLM13xUlT8Jamgc0U="; pin-sha256="KVhT/NkSwnjmxDOvcy6MKwG9ak5RAgxEOV0QQBT94Bo="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; report-uri="https:/ 0.40%