Showing posts from May, 2020

HPKP

A few useful links to understand HTTP Public Key Pinning (HPKP) and some of its issues.

RFC
https://tools.ietf.org/html/rfc7469

Ivan Ristic
https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead

Scott Helme - Issues with HPKP
https://scotthelme.co.uk/using-security-features-to-do-bad-things/

Max-age capping in Chrome
https://bugs.chromium.org/p/chromium/issues/detail?id=523654

Scott Helme
https://scotthelme.co.uk/hpkp-http-public-key-pinning/
https://scotthelme.co.uk/hpkp-cheat-sheet/
https://scotthelme.co.uk/guidance-on-setting-up-hpkp/

Mozilla Developer Network
https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning