Public-Key-Pins-Report-Only

HTTP response header

The HTTP Public-Key-Pins-Report-Only response header sends reports of pinning violation to the report-uri specified in the header but unlike Public-Key-Pins still allows browsers to connect to the server if the pinning is violated.

Header usage statistics

Public-Key-Pins-Report-Only response header information and usage statistics.

Websites using header Public-Key-Pins-Report-Only 1,630
Percentage of websites that use Public-Key-Pins-Report-Only header <0.1%
Total discovered header values 149
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

Public-Key-Pins-Report-Only Directives (4 total)

  • includesubdomains
  • max-age
  • pin-sha256
  • report-uri

Public-Key-Pins-Report-Only Directives

Public-Key-Pins-Report-Only directives value information and usage statistics

Directive Share Websites count Unique Values
pin-sha256 99.02% 1,614 35
max-age 96.13% 1,567 13
report-uri 82.58% 1,346 23
includesubdomains 22.82% 372 16

Distribution by websites popularity

Public-Key-Pins-Report-Only detection in the top websites by popularity

Top 10k sites 2 websites
Top 100k sites 50 websites
Top 1m sites 127 websites

Websites utilizing Public-Key-Pins-Report-Only

List of websites that use Public-Key-Pins-Report-Only header

Domain Country Rank Contacts
smallbusiness.yahoo.com United States of America 851
order.store.yahoo.net United States of America 8,747
beap.gemini.yahoo.com United States of America 10,355
www.appointy.com United States of America 13,820
hao123.com China 16,408
www.hao123.com Hong Kong 16,408
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common Public-Key-Pins-Report-Only header values

Header value Value prevalence
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report- 59.39%
pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; max-age=2592000; includeSubDomains 9.20%
pin-sha256="1UeprJ9h9qxsp8wLsHzaro/ikoTS/AieY2Eikb3Jz4M="; pin-sha256="pNVPNqc6wAQJLD9AGqxoZIUfOm5TE9qQPCgwngkx+CI="; pin-sha256="8lDSJN+U6Dh5Aex7H16VdOM7QZH1xgU2kCzi8foplGw="; pin-sha256="bf8XR/FlNtQkWPn5Gq2lxK59ETzRJ2p3zcF0SOlPY30="; max-age=60; report- 3.93%
max-age=300;pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q=";pin-sha256="IQBnNBEiFuhj+8x6X8XLgh01V9Ic5/V3IRQLNFFc7v4=";report-uri="https://reports.baidu.com/pkp-report/" 2.09%
pin-sha256="jZomPEBSDXoipA9un78hKRIeN/+U4ZteRaiX8YpWfqc="; pin-sha256="axSbM6RQ+19oXxudaOTdwXJbSr6f7AahxbDHFy3p8s8="; pin-sha256="SE4qe2vdD9tAegPwO79rMnZyhHvqj3i5g1c2HkyGUNE="; pin-sha256="ylP0lMLMvBaiHn0ihLxHjzvlPVQNoyQ+rMiaj0da/Pw="; max-age=60; report- 1.47%
pin-sha256="cUPcTAZWKaASuYWhhneDttWpY3oBAkE3h2+soZS7sWs="; pin-sha256="M8HztCzM3elUxkcjR2S5P4hhyBNf6lHkmjAHKhpGPWE="; max-age=10000; includeSubDomains; report-uri /Security/HpkpReporting 1.41%
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="2oALgLKofTmeZvoZ1y/fSZg7R9jPMix8eVA6DH4o/q8="; pin-sha256="47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU="; pin-sha256="cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM="; pi 1.35%
max-age=2592000; pin-sha256="S4AbJNGvyS57nzJwv8sPMUML8VHSqH1vbiBftdPcErI="; pin-sha256="7bAgdmNn2H+XADG/0chP8oko91bQz3ut965iA0giRKw="; pin-sha256="MpdGqMp8E1zPGeuXZH5HQOC34CCbFzdpS68tutrt6RA=" 1.23%
pin-sha256="8joiNBdqaYiQpKskgtkJsqRxF7zN0C0aqfi8DacknnI="; pin-sha256="drtmcR2kFkM8qJClsuWgUzxgBkePfRCkRpqUesyDmeE="; report-uri="https://reports.protonmail.com/reports/tls" 1.10%
pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63WsWXhIMN+eWys="; max-age=60; report-uri="https://kvartus.report-uri.io/r/default/hpkp/reportOnly" 0.98%
pin-sha256="WloDwpTBQuUKWrrphq6sMjD+mD4OnXnq2vvUTvbjPT4="; pin-sha256="DuLismTIyqm0AqBBRSvhK04q/7F1/EYelT9HX/qEs+0="; report-uri="https://cp.liubit.lt/hpkp" 0.98%
max-age=2592000; pin-sha256="JIROYcrGeRvbrz9+sPKMPlHD0yMx5y9MCFkgloRq838="; pin-sha256="CF88ToMtOla8DfSwsf51ld6v8ORWTBRPg7nN70UsUqk="; pin-sha256="S4AbJNGvyS57nzJwv8sPMUML8VHSqH1vbiBftdPcErI=" 0.92%
max-age=2592000; includeSubdomains; pin-sha256="sRHdihwgkaib1P1gxX8HFszlD+7/gTfNvuAybgLPNis="; pin-sha256="C5+lpZ7tcVwmwQIMcRtPbsQtWLABXhQzejna0wHFr8M="; pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="Vjs8r4z+80wjNcr1YKepWQboSIRi63 0.61%
pin-sha256='S3Jjr3lneLuXa+KZc0E2KUfRAzfgdZ3WXGjsFOHXb30='; includeSubdomains; max-age=2592000; report-uri='https://pellcomp.report-uri.io/r/default/hpkp/reportOnly' 0.61%
max-age=0 0.49%
pin-sha256="muKAKHD19oiTSoqiZ1lLaNSIx1pCGrSXv4KTXhNlaOI="; pin-sha256="sa8ppLAMTac20O+0ajL0r/FCtb0sgn+iSsxhZGdMtzo="; max-age=7776000; includeSubDomains; report-uri="https://transitfare.com" 0.43%
pin-sha256="iMUtrEGdrB8NtVYn0/SO6Om6fpbbQmb21Z1T/gWQWgs="; pin-sha256="yWulDX8E5Q0XG4+9jVDljmO2FvAVzIRhn2MppW4vyUM="; includeSubDomains; max-age=3600; always; 0.43%
max-age=2592000; pin-sha256="2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY="; pin-sha256="I/Lt/z7ekCWanjD0Cvj5EqXls2lOaThEA0H2Bg4BT/o="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="Wd8xe/qfTwq3ylFNd3IpaqLHZbh2ZNCLluVzmeNkcpw="; pi 0.37%
pin-sha256="x0wURZiW2+kqxQWn13vtMhyLHfTaF5NnCYgThWPSWPI="; pin-sha256="efRXWfSs2jsGspReg4wM6BZec+gy29/uyIFXlD2sg2c="; max-age=31536000; includeSubDomains; report-uri="https://traffstock.net/?mod=ticket_system&do=ticket_create" 0.37%
max-age=3600; includeSubdomains; pin-sha256="6X0iNAQtPIjXKEVcqZBwyMcRwq1yW60549axatu3oDE="; pin-sha256="Slt48iBVTjuRQJTjbzopminRrHSGtndY0/sj0lFf9Qk="; pin-sha256="LCa0a2j/xo/5m0U8HTBBNBNCLXBkg7+g+YpeiGJm564="; report-uri="https://zapier.com/hooks/catch/3b 0.37%