Changes

Security/Server Side TLS

412 bytes removed, 18:58, 19 June 2015
Undo revision 1080937: please submit your changes on github. direct modifications are not permitted.
= HPKP: Public Key Pinning Extension for HTTP =
HPKP is an an Internet RFC, see see See [[http://tools.ietf.org/html/rfc7469 RFC7469]] (released April 2015). The ''Public-Key-Pins'' HTTP header is sent by a server to a client, to indicate the certificates related to the hashes sent should be pinned in the client. The client would thus refuse to establish a connection to the server if the pinning does not comply.
ItHPKP is an 's currently supported ''experimental''' HTTP header sent by Chrome and Firefoxa server to a client, both version >=35to indicate that some certificates related to the site should be pinned in the client. Microsoft browsers as of June 2015 don't support this. Exempt from this are local CAs -- like antivirus software or "enterprise appliances" -- which deploy The client would thus refuse to establish a local CA in connection to the server if the browserpining does not comply.
Due to its experimental nature, HPKP is currently '''not''' recommended on production sites which need a high level of trust -- supposed the operators understand the concept of backup keys thoroughly. Otherwise it can lead to availability problems. More information informations can be found on the [[https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning MDN description page]].
= Recommended Server Configurations =
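Review bot: the HPKP paragraph as it stands after this revert spells "pinning" as "pining" and uses "informations" for "information"; both should be corrected when the change is resubmitted on GitHub as the edit summary asks. The diff also shows the RFC 7469 reference (released April 2015) and the wording about backup keys and availability problems on the reverted side, next to text that labels the header "experimental" and "not recommended on production sites", so the resubmission should settle which status wording is current and keep the RFC link and the backup-key caveat if they are still wanted.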