TLS & Encryption

Certificate Pinning

A security technique in which the client hardcodes the expected certificate fingerprint or public-key hash and rejects any TLS connection that presents a different certificate, even one signed by a trusted CA. Pinning defeats man-in-the-middle attacks that rely on fraudulently issued certificates, because a certificate the CA system would accept is still refused if it does not carry the pinned key. HTTP Public Key Pinning (HPKP) was the browser standard but was deprecated because of misconfiguration risk (a wrong or stale pin set locks legitimate users out of the site); mobile apps commonly implement pinning in code via libraries such as TrustKit or OkHttp's CertificatePinner.
