Certificate Pinning
Embed This Widget
Add the script tag and a data attribute to embed this widget.
Embed via iframe for maximum compatibility.
<iframe src="https://statuscodefyi.com/iframe/glossary/certificate-pinning/" width="420" height="400" frameborder="0" style="border:0;border-radius:10px;max-width:100%" loading="lazy"></iframe>Paste this URL in WordPress, Medium, or any oEmbed-compatible platform.
https://statuscodefyi.com/glossary/certificate-pinning/Add a dynamic SVG badge to your README or docs.
[](https://statuscodefyi.com/glossary/certificate-pinning/)Use the native HTML custom element.
A security technique where the client hardcodes the expected certificate fingerprint or public key hash and rejects any TLS connection that presents a different certificate, even if it is signed by a trusted CA. Pinning defeats man-in-the-middle attacks that use fraudulently issued certificates. HTTP Public Key Pinning (HPKP) was the browser standard but was deprecated due to misconfiguration risk; mobile apps commonly implement pinning in code via libraries like TrustKit or OkHttp's CertificatePinner.