Public-Key-Pins

HTTP response header

The HTTP Public-Key-Pins response header associates a specific cryptographic public key with a certain web server to decrease the risk of MITM attacks with forged certificates. If one or several keys are pinned and none of them are used by the server the browser will not accept the response as legitimate and will not display it.

Header usage statistics

Public-Key-Pins response header information and usage statistics.

Websites using header Public-Key-Pins 10,578
Percentage of websites that use Public-Key-Pins header <0.1%
Total discovered header values 2,239
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

Public-Key-Pins Directives (4 total)

  • includesubdomains
  • max-age
  • pin-sha256
  • report-uri

Public-Key-Pins Directives

Public-Key-Pins directives value information and usage statistics

Directive Share Websites count Unique Values
pin-sha256 40.18% 4,250 298
max-age 33.48% 3,541 55
includesubdomains 30.14% 3,188 51
report-uri 2.36% 250 41

Distribution by websites popularity

Public-Key-Pins detection in the top websites by popularity

Top 10k sites 18 websites
Top 100k sites 51 websites
Top 1m sites 571 websites

Websites utilizing Public-Key-Pins

List of websites that use Public-Key-Pins header

Domain Country Rank Contacts
addons.mozilla.org United States of America 113
www.fcc.gov United States of America 744
www.barnesandnoble.com United States of America 976
my.pcloud.com Luxembourg 1,365
validator.w3.org United States of America 1,413
www.nrel.gov United States of America 2,561
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common Public-Key-Pins header values

Header value Value prevalence
pin-sha256="X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg=" max-age=15552000; includeSubDomains 17.41%
pin-sha256="base64+primary=="; pin-sha256="base64+backup=="; max-age=5184000; includeSubDomains 14.20%
pin-sha256='X3pGTSOuJeEVw989IJ/cEtXUEmy52zs1TZQrU06KUKg='; pin-sha256='MHJYVThihUrJcxW6wcqyOISTXIsInsdj3xK8QrZbHec='; pin-sha256='isi41AizREkLvvft0IRW4u3XMFR2Yg7bvrF7padyCJg='; includeSubdomains; max-age=2592000 4.08%
pin-sha256="<Subject Public Key Information (SPKI)>"; max-age=2592000; includeSubDomains 3.90%
pin-sha256=""; pin-sha256=""; max-age=31536000 2.93%
pin-sha256=\"base64+primary==\"; pin-sha256=\"base64+backup==\"; max-age=5184000; includeSubDomains 2.07%
pin-sha256="klO23nT2ehFDXCfx3eHTDRESMz3asj1muO+4aIdjiuY="; pin-sha256="633lt352PKRXbOwf4xSEa1M517scpD3l5f79xMD9r9Q="; max-age=2592000; includeSubDomains 1.90%
pin-sha256="S1CQF4bfrfu+0NZpDAVgczOJu73tqMTakCcdDM6il1E="; pin-sha256="7V0k+NyeVRIXOmD+zCJpX6nsXdAFjX0MsIACD/NeTQg="; max-age=2592000; includeSubDomains 1.31%
pin-sha256="pin1"; pin-sha256="pin2"; max-age=2592000 1.12%
pin-sha256="base64+info1="; max-age=31536000 1.06%
pin-sha256=”SPKI_digest#1“; pin-sha256=”SPKI_digest#2“; max-age=31536000 0.92%
pin-sha256="1N2pB9wvFFAHy34GGRtzXQNFPw1k1GT8wJYez6T7wx8=" max-age=15552000; includeSubDomains 0.71%
max-age=2592000;pin-sha256="GRAH5Ex+kB4cCQi5gMU82urf+6kEgbVtzfCSkw55AGk=";pin-sha256="Dh46PQn5HIpXCusEb8G7YJsLzBSGAzNjgvsxeShjlv8=" 0.71%
pin-sha256='base64+primary=='; pin-sha256='base64+backup=='; max-age=5184000; includeSubDomains 0.61%
pin-sha256="jDNPIoQdviZhELycQEXvXmBzJFLLM13xUlT8Jamgc0U="; pin-sha256="KVhT/NkSwnjmxDOvcy6MKwG9ak5RAgxEOV0QQBT94Bo="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; report-uri="https:/ 0.46%
pin-sha256="PQfjTZ6Zwh1l5TpMkjOF85NBLH05yCD0Q4U6IuH17x0="; pin-sha256="vJ6JGRfCsYINcfiUwxxg4vmkhmQOTi3jksgxCavebo8="; pin-sha256="lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI="; includeSubDomains; max-age=51840000; 0.40%
pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; max-age=31536000; includeSubDomains 0.33%
pin-sha256="YOUR_HASH="; pin-sha256="YOUR_BACKUP_HASH="; max-age=7776000; report-uri="https://YOUR.REPORT.URL" 0.31%
pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; max-age=604800; includeSubDomains 0.30%
pin-sha256=35ATtJ7R+mJKePEEKyY0SquqCs0NgRVmAGDv+rNeCfs= ; max-age=60 ; includeSubDomains 0.27%