HTTP Public Key Pinning
- OTHERDeclare that a website's HTTPS certificate should only be treated as valid if the public key is contained in a list specified over HTTP to prevent MITM attacks that use valid CA-issued certificates.
Chrome
- ❌ 4 - 37: Not supported
- ✅ 38 - 71: Supported
- ❌ 72 - 127: Not supported
- ❌ 128: Not supported
- ❌ 129 - 131: Not supported
Edge
- ❌ 12 - 127: Not supported
- ❌ 128: Not supported
Safari
- ❌ 3.1 - 17.4: Not supported
- ❌ 17.5: Not supported
- ❌ 17.6 - TP: Not supported
Firefox
- ❌ 2 - 34: Not supported
- ✅ 35 - 71: Supported
- ❌ 72 - 129: Not supported
- ❌ 130: Not supported
- ❌ 131 - 133: Not supported
Opera
- ❌ 9 - 19: Not supported
- ﹖ 20 - 22: Support unknown
- ◐ 23: Partial support
- ﹖ 24: Support unknown
- ✅ 25 - 65: Supported
- ❌ 66 - 110: Not supported
- ❌ 111: Not supported
IE
- ❌ 5.5 - 10: Not supported
- ❌ 11: Not supported
Chrome for Android
- ❌ 128: Not supported
Safari on iOS
- ❌ 3.2 - 17.4: Not supported
- ❌ 17.5: Not supported
- ❌ 17.6 - 18.0: Not supported
Samsung Internet
- ✅ 4 - 10.1: Supported
- ❌ 11.1 - 24: Not supported
- ❌ 25: Not supported
Opera Mini
- ❌ all: Not supported
Opera Mobile
- ❌ 10 - 12.1: Not supported
- ❌ 80: Not supported
UC Browser for Android
- ❌ 15.5: Not supported
Android Browser
- ❌ 2.1 - 4.4.4: Not supported
- ❌ 128: Not supported
Firefox for Android
- ❌ 127: Not supported
QQ Browser
- ❌ 14.9: Not supported
Baidu Browser
- ❌ 13.52: Not supported
KaiOS Browser
- ✅ 2.5: Supported
- ❌ 3: Not supported
All browsers have removed support. The header was too complicated to use, and when incorrectly implemented, could completely block websites for longer periods of time.
Certificate transparency is widely used and tries to provide the same security by very different means.