Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Certificate pinning

Cloudflare does not support HTTP public key pinning (HPKP)1 for Universal, Advanced, or Custom Hostname certificates.

This is because Cloudflare regularly changes the edge certificates provisioned for your domain and - if you had HPKP enabled - your domain would go offline. Additionally, industry experts discourage using HPKP.

For a better solution to the problem that HPKP is trying to solve - preventing certificate misissuance - use Certificate Transparency Monitoring.

  1. Key pinning allows a host to instruct a browser to only accept certain public keys when communicating with it for a given period of time. ↩︎