Support » Plugin: HTTP Headers » Public-Key-Pins

  • Resolved bulls_shark

    (@bulls_shark)


    Dear Support Team!

    Thank you for the great plugin, now I would like to take your time and ask for help.

    When I create a code for my website at https://report-uri.com/home/pkp_hash, I get 3 fields:

    Here is your PKP hash for pin-sha256 =

    Here’s your PKP hash for Let’s Encrypt Authority X3:

    Here is your PKP hash for DST Root CA X3:

    In your plugin I have only 3 errors to enter this code.

    If I use only the first 2 I get the message while testing: This policy is not applied because there are no backup pins. (https://report-uri.com/home/pkp_analyse)

    Looking forward to your help and support.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Dimitar Ivanov

    (@zinoui)

    You must be careful with the HPKP header, it has the potential to lock out users for a long time if used incorrectly!

    Also you must know that the support in Chrome was deprecated and removed.

    In general, the use of HTTP Public Key Pinning (HPKP) is no longer recommended.

    However, if you still want to use it, I would recommend activating the “Report-Only” option until you configure it correctly.

    I’m not sure how the web service you noted works, but according to the current specification the use of a backup key is required.

    thanks for Support! .)

  • The topic ‘Public-Key-Pins’ is closed to new replies.
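
Added example, not part of the thread and not code from the plugin or from report-uri.com: a small checker for the backup-pin rule the reply refers to. Under RFC 7469 a backup pin is a pin that matches no key in the certificate chain, so pinning only keys from one chain (site key, intermediate, root) leaves the policy without one. The function names are hypothetical and the pin values are constructed placeholders, not real SPKI hashes.

```python
import base64
import binascii
import hashlib


def parse_pkp(header_value):
    """Split a Public-Key-Pins value into (pins, other directives).
    Simplification: assumes no ';' inside a quoted report-uri value."""
    pins, directives = [], {}
    for part in header_value.split(";"):
        name, _, value = part.strip().partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "pin-sha256":
            pins.append(value)
        elif name:
            directives[name] = value
    return pins, directives


def check_pkp(header_value, chain_pins, report_only=False):
    """Return a list of problems; an empty list means the policy is usable."""
    pins, directives = parse_pkp(header_value)
    problems = []
    for pin in pins:
        try:  # a pin is the base64 of a 32-byte SHA-256 digest
            ok = len(base64.b64decode(pin, validate=True)) == 32
        except (binascii.Error, ValueError):
            ok = False
        if not ok:
            problems.append(f"malformed pin: {pin}")
    # max-age is required in the enforcing header, optional in Report-Only
    if not report_only and not directives.get("max-age", "").isdigit():
        problems.append("max-age missing or not a number")
    if not set(pins) & set(chain_pins):
        problems.append("no pin matches the served chain")
    if not set(pins) - set(chain_pins):
        problems.append("no backup pin")
    return problems


def fake_pin(label):
    # Constructed sample value; a real pin hashes the DER SubjectPublicKeyInfo.
    return base64.b64encode(hashlib.sha256(label.encode()).digest()).decode()


def header(*pins):
    return "; ".join([f'pin-sha256="{p}"' for p in pins] + ["max-age=5184000"])


LEAF, INTERMEDIATE, ROOT, BACKUP = map(fake_pin, ("leaf", "inter", "root", "spare"))
CHAIN = [LEAF, INTERMEDIATE, ROOT]  # stands in for the served chain's pins
```

The spare key behind the backup pin is generated and stored offline; only its hash goes into the header.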