
Rolling Out Public Key Pinning with HPKP Reporting - joeyespo
https://developers.google.com/web/updates/2015/09/HPKP-reporting-with-chrome-46
======
teddyh
> _When your site sends such a header, Chrome will verify if the current
> connection matches the pins, and sends a report to the report-uri if not._

Huh. I wonder if this can be used for exploits?

