Upon receipt of a Public-Key-Pins-Report-Only response header field, the UA should evaluate the policy expressed in the field, and SHOULD generate and send a report. However, failure to validate the Pins in the field MUST have no effect on the validity or non-validity of the policy expressed in the PKP field or in previously noted Pins for the Known Pinned Host. (RFC 7469: Public Key Pinning Extension for HTTP)



JSON

Return to list of all ( HTTP Header Fields | Web Concepts )