HPKP and HSTS. Global analysis and implementation
HSTS and HPKP are relatively recent protocols aimed at enforcing HTTPS connections and certificate pinning over HTTP.
The combination of these protocols improves and strengthens HTTP security in general, adding an additional layer of trust and verification and ensuring, as far as possible, that the connection is always secure. However, the adoption and implementation of any protocol that is not yet completely settled usually involves the possibility of introducing new weaknesses, opportunities or attack scenarios. Even when these protocols are implemented, bad practices prevent them from actually providing the additional security that is expected. In this document, we have studied the quantity and the quality of the implementation of these two protocols in servers.
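The "bad practices" the abstract refers to can largely be detected from the header values themselves. The checker below is an added example, not part of the study described here: it flags the common deployment mistakes in Strict-Transport-Security and Public-Key-Pins values, and its one-year and two-pin thresholds are assumptions taken from the HSTS preload requirements and RFC 7469.

```python
import base64
# Assumed thresholds: one year of max-age (the HSTS preload list minimum) and
# the two pins RFC 7469 requires so that one of them can be an offline backup.
HSTS_MIN_MAX_AGE = 31536000
HPKP_MIN_PINS = 2

def parse_directives(header_value):
    # 'a=1; b; c="x"' -> {name: [values]}; repeated names keep every value
    out = {}
    for part in filter(None, map(str.strip, header_value.split(";"))):
        name, _, value = part.partition("=")
        out.setdefault(name.strip().lower(), []).append(value.strip().strip('"'))
    return out

def max_age(directives):
    values = directives.get("max-age", [])
    return int(values[0]) if len(values) == 1 and values[0].isdigit() else None

def is_sha256_b64(value):
    # A pin is the base64 of a SHA-256 over the SubjectPublicKeyInfo: 32 bytes
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:
        return False

def check_hsts(header_value):
    # Findings for a Strict-Transport-Security value; an empty list means OK
    d = parse_directives(header_value)
    age = max_age(d)
    findings = []
    if age is None:
        findings.append("max-age missing or malformed; browsers ignore the policy")
    elif age == 0:
        findings.append("max-age=0 deletes the policy instead of enforcing it")
    elif age < HSTS_MIN_MAX_AGE:
        findings.append("max-age shorter than one year")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains absent; subdomains remain downgradable")
    return findings

def check_hpkp(header_value):
    # Findings for a Public-Key-Pins value; an empty list means OK
    d = parse_directives(header_value)
    pins = d.get("pin-sha256", [])
    findings = []
    if not all(is_sha256_b64(p) for p in pins):
        findings.append("a pin-sha256 value is not base64 of a 32-byte digest")
    if len(set(pins)) < HPKP_MIN_PINS:
        findings.append("fewer than two distinct pins; rotating the key would lock clients out")
    if max_age(d) is None:
        findings.append("max-age missing or malformed; browsers ignore the policy")
    return findings
```

Run `check_hsts` and `check_hpkp` over the header values collected from each server; a non-empty list is a deployment that sets the header without getting its protection.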