A year ago Chrome announced plans to remove HTTP Public Key Pinning from the Chrome browser in version 69.

The main reason behind it was very low adoption of the HPKP headeras well as introduction of the Expect-CT header which, according to Google, does a better job at preventing man-in-the-middle attacks using fake certificates.

Note that neither Firefox nor Opera declared they will also remove HPKP (Safari and Edge never implemented it).

Fully automated RESTful API is now available. Subscribe for your free trial today!