Public Key Pinning

- OTHER

Declare that a website's HTTPS certificate should only be treated as valid if the public key is contained in a specified list to prevent MITM attacks that use valid CA-issued certificates.

IE

  1. 5.5 - 10: Not supported
  2. 11: Not supported

Edge

  1. 12 - 85: Not supported
  2. 86: Not supported

Firefox

  1. 2 - 34: Not supported
  2. 35 - 71: Supported
  3. 72 - 80: Not supported
  4. 81: Not supported
  5. 82 - 83: Not supported

Chrome

  1. 4 - 37: Not supported
  2. 38 - 71: Supported
  3. 72 - 85: Not supported
  4. 86: Not supported
  5. 87 - 89: Not supported

Safari

  1. 3.1 - 13.1: Not supported
  2. 14: Not supported
  3. TP: Not supported

Opera

  1. 9 - 19: Not supported
  2. 20 - 22: Support unknown
  3. 23: Partial support
  4. 24: Support unknown
  5. 25 - 65: Supported
  6. 66 - 70: Not supported
  7. 71: Not supported

iOS Safari

  1. 3.2 - 13.7: Not supported
  2. 14: Not supported

Opera Mini

  1. all: Not supported

Android Browser

  1. 2.1 - 4.4.4: Not supported
  2. 81: Not supported

Blackberry Browser

  1. 7: Not supported
  2. 10: Not supported

Opera Mobile

  1. 10 - 12.1: Not supported
  2. 59: Not supported

Chrome for Android

  1. 85: Not supported

Firefox for Android

  1. 79: Not supported

IE Mobile

  1. 10: Not supported
  2. 11: Not supported

UC Browser for Android

  1. 12.12: Supported

Samsung Internet

  1. 4 - 10.1: Supported
  2. 11.1: Not supported
  3. 12.0: Not supported

QQ Browser

  1. 10.4: Supported

Baidu Browser

  1. 7.12: Supported

KaiOS Browser

  1. 2.5: Supported

All browsers have removed support. The header was too complicated to use, and when incorrectly implemented, could completely block websites for longer periods of time.

Certificate transparency is widely used and tries to provide the same security by very different means.

Resources:
MDN Web Docs - Public Key Pinning
Scott Helme article on the issues of HPKP