Changes


Security/Server Side TLS

412 bytes added, 18:02, 19 June 2015
It's not at all experimental anymore. It should be noted though what is problematic
= HPKP: Public Key Pinning Extension for HTTP =
Older revision:

HPKP is an '''experimental''' HTTP header sent by a server to a client, to indicate that some certificates related to the site should be pinned in the client. The client would thus refuse to establish a connection to the server if the pinning does not comply.
Due to its experimental nature, HPKP is currently '''not''' recommended on production sites. More information can be found on the [[https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning MDN description page]].

Revision as of 18:02, 19 June 2015:

HPKP is an Internet RFC, see [[http://tools.ietf.org/html/rfc7469 RFC7469]] (released April 2015). The ''Public-Key-Pins'' HTTP header is sent by a server to a client, to indicate that the certificates matching the hashes sent should be pinned in the client. The client would thus refuse to establish a connection to the server if the pinning does not comply. It's currently supported by Chrome and Firefox, both version >=35. Microsoft browsers as of June 2015 don't support this. Exempt from this are local CAs -- like antivirus software or "enterprise appliances" -- which deploy a local CA in the browser.
HPKP is currently recommended on sites which need a high level of trust -- provided the operators understand the concept of backup keys thoroughly. Otherwise it can lead to availability problems. More information can be found on the [[https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning MDN description page]].
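As an added example (not part of the wiki page, and not code from RFC 7469 or from Mozilla), the following Python shows what the paragraph above leaves implicit: how a ''pin-sha256'' value is derived from a key's DER-encoded SubjectPublicKeyInfo, what a complete ''Public-Key-Pins'' header looks like, and the RFC 7469 rule that makes backup keys essential: a browser only notes the pins if at least one pin matches the served chain and at least one pin (the backup) does not, and on later connections the chain must present a pinned key or the connection is refused. The SPKI values are constructed placeholder byte strings rather than real DER, since SHA-256 does not care what the bytes encode; the function names are assumptions of this example.

```python
"""RFC 7469 Public-Key-Pins helpers (added example, not from the wiki page)."""
import base64
import hashlib
import re

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs. In practice these would be
# the real SPKI bytes of the served leaf key and of an offline backup key.
LEAF_SPKI = b"constructed-leaf-spki-der"
BACKUP_SPKI = b"constructed-backup-spki-der"
ROTATED_SPKI = b"constructed-key-that-was-never-pinned"


def pin_sha256(spki_der: bytes) -> str:
    """pin-sha256 value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_header(spkis, max_age, include_subdomains=False, report_uri=None) -> str:
    """Assemble the Public-Key-Pins header value for the given SPKI blobs."""
    parts = ['pin-sha256="%s"' % pin_sha256(s) for s in spkis]
    parts.append("max-age=%d" % max_age)
    if include_subdomains:
        parts.append("includeSubDomains")
    if report_uri:
        parts.append('report-uri="%s"' % report_uri)
    return "; ".join(parts)


_PIN_RE = re.compile(r'pin-sha256="([A-Za-z0-9+/=]+)"')


def parse_header(value: str):
    """Return (set of pins, max_age, include_subdomains); ValueError if max-age is missing."""
    pins = set(_PIN_RE.findall(value))
    max_age = None
    include_subdomains = False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(arg.strip().strip('"'))
        elif name == "includesubdomains":
            include_subdomains = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return pins, max_age, include_subdomains


def header_is_valid(value: str, chain_spkis) -> bool:
    """RFC 7469 section 2.5 noting rule: at least one pin must match an SPKI in the
    served chain and at least one pin must not (the backup pin). Otherwise the
    browser ignores the header entirely, so a header without a backup pin never
    takes effect."""
    pins, _, _ = parse_header(value)
    chain_pins = {pin_sha256(s) for s in chain_spkis}
    return bool(pins & chain_pins) and bool(pins - chain_pins)


def chain_matches_pins(pins, chain_spkis) -> bool:
    """Client-side pin validation on a later connection: succeed if any SPKI in the
    presented chain matches a noted pin. A key rotation to a key that was never
    pinned fails here for the whole max-age, which is the availability problem."""
    return any(pin_sha256(s) in pins for s in chain_spkis)


if __name__ == "__main__":
    header = build_header([LEAF_SPKI, BACKUP_SPKI], 5184000, include_subdomains=True)
    print("Public-Key-Pins:", header)
    pins, _, _ = parse_header(header)
    print("noted by browser:", header_is_valid(header, [LEAF_SPKI]))
    print("rollover to backup key ok:", chain_matches_pins(pins, [BACKUP_SPKI]))
    print("rollover to unpinned key ok:", chain_matches_pins(pins, [ROTATED_SPKI]))
```

Running the block prints a header with two pins and shows that a rollover to the pre-announced backup key passes validation while a rollover to a key that was never pinned does not; the real-world equivalent of ''pin_sha256'' is RFC 7469 Appendix A's ''openssl x509 -pubkey | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64'' pipeline.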
= Recommended Server Configurations =
