title | pcx_content_type | weight | meta | ||
---|---|---|---|---|---|
Certificate pinning |
reference |
8 |
|
Cloudflare does not support HTTP public key pinning (HPKP)1 for Universal, Advanced, or Custom Hostname certificates.
This is because Cloudflare regularly changes the edge certificates provisioned for your domain and - if you had HPKP enabled - your domain would go offline. Additionally, industry experts discourage using HPKP.
For a better solution to the problem that HPKP is trying to solve - preventing certificate misissuance - use Certificate Transparency Monitoring.
Footnotes
-
Key pinning allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. ↩