Here, we will learn how to check your website for the HTTP Public Key Pinning (HPKP) header. You can easily find out whether HPKP is enabled on your website using various free websites like HPKP Analyzer, HTTP Security Report, etc. In this post, I will explain 4 different websites which let you check the HPKP header status. These websites allow you to simply enter your website URL, and then they show you the HPKP header status of your website. Some of these websites also show reports for SSL/TLS, CSP, HSTS, and more.
HPKP, or HTTP Public Key Pinning, is a security policy which is delivered through an HTTP response header of websites. It is quite similar to other security policies, including Content Security Policy and HTTP Strict Transport Security. This security policy can protect your website against fraudulent certificate attacks or MITM attacks.
HPKP Analyzer:
HPKP Analyzer is probably one of the best free websites to check your website for the HTTP Public Key Pinning header. You can simply open up this website and type your website link to get the HPKP status report. Now, follow the steps below to do the same.
Step 1: After you open the “HPKP Analyzer” homepage, you will see a search bar along with an “Analyze” button. Here, you need to enter your website link in the search bar to proceed.
Step 2: Once you’re done entering the website link, simply click on the “Analyze” button. After that, it will analyze the website and show you whether your website contains the HPKP header policy or not.
HTTP Security Report:
HTTP Security Report is another free website to check HPKP header availability for any website. You can enter the link to any website and then it will show you the HPKP status in no time. It also shows reports for CSP, SSL/TLS, HSTS, and more. To learn exactly how to use this website, simply go through the steps below.
Step 1: First, open the homepage of this website and you will see a search field with an “Analyze” button. Now, enter the target website link in the search field.
Step 2: After that, click on the “Analyze” button to analyze the website for the HPKP header. Once the analysis is complete, it will display whether public keys are pinned in the response of your website or not.
SSL Server Test:
SSL Server Test is also a free website which can help you check the HTTP Public Key Pinning header of your website. It also displays reports for POODLE, ALPN, HSTS, etc. You can simply enter the hostname of your website and then it will automatically process the website and show the HPKP status. To do this, follow the steps mentioned below.
Step 1: Go to the “SSL Server Test” homepage and enter your website link in the “Hostname” field. After that, click on the “Submit” button to proceed.
Step 2: When you do that, it will process your website and then show whether the HPKP header is enabled on your website or not. It will simply say Yes or No for the Public Key Pinning option in the report.
Web Server Security Test:
Web Server Security Test is another simple website which you can use to check the status of the HTTP Public Key Pinning header of any website. You can do that just by entering your website URL. It even shows other reports for CSP, XSS Protection, X-Frame Options, and more. Now, you can follow the steps below.
Step 1: When you visit the homepage of this website, you will see a search bar at the top of the window. Now, enter the target website URL in the search bar and hit the “Play” button on the left.
Step 2: As soon as you do that, it will process the website and show you the header security report. In this report, you will see the Public Key Pins status as “Good Configuration” or “Misconfiguration or weakness”. If your website doesn’t have the HPKP header, it will simply say that the header was not sent by the server.
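The three outcomes described above (good configuration, misconfiguration, header not sent) can also be reproduced locally from a set of response headers. The following is an added example, not code from this post or from any of the listed websites: it applies the RFC 7469 requirements that a `Public-Key-Pins` header carries a `max-age` and a backup pin, and the status strings, function names and sample headers are assumptions constructed for illustration.

```python
import base64
import hashlib
import re

def parse_hpkp(value):
    """Split a Public-Key-Pins header value into (pins, other directives)."""
    pins, directives = [], {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "pin-sha256":
            pins.append(arg)
        elif name:
            directives.setdefault(name, arg)  # keep the first value seen
    return pins, directives

def check_hpkp(headers):
    """Return (status, problems) for a dict of HTTP response headers."""
    headers = {k.lower(): v for k, v in headers.items()}
    if "public-key-pins" not in headers:
        return "not sent", []
    pins, directives = parse_hpkp(headers["public-key-pins"])
    problems = []
    if not re.fullmatch(r"[0-9]+", directives.get("max-age", "")):
        problems.append("max-age missing or not a number")
    valid = set()
    for pin in pins:
        try:  # a pin is the base64 of a 32-byte SHA-256 digest
            if len(base64.b64decode(pin, validate=True)) != 32:
                raise ValueError("wrong digest length")
            valid.add(pin)
        except ValueError:
            problems.append(f"malformed pin: {pin!r}")
    if len(valid) < 2:
        problems.append("fewer than two distinct pins, so no backup pin")
    return ("misconfiguration" if problems else "good configuration"), problems

def sample_pin(label):
    """Constructed pin: SHA-256 of a label, not of a real public key."""
    return base64.b64encode(hashlib.sha256(label).digest()).decode()

# Constructed sample response headers (not captured from any real site).
P1, P2 = sample_pin(b"primary"), sample_pin(b"backup")
GOOD = {"Public-Key-Pins": f'pin-sha256="{P1}"; pin-sha256="{P2}"; '
                           "max-age=5184000; includeSubDomains"}
WEAK = {"Public-Key-Pins": f'pin-sha256="{P1}"; includeSubDomains'}
MISSING = {"Strict-Transport-Security": "max-age=31536000"}

if __name__ == "__main__":
    for name, hdrs in [("GOOD", GOOD), ("WEAK", WEAK), ("MISSING", MISSING)]:
        print(name, check_hpkp(hdrs))
```

This only inspects the header text; it does not verify that any pin matches a key in the certificate chain the server actually presents.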
These are some of the best websites which can help you easily find the HPKP header status of your website. All these websites are completely free to use. Personally, I like all of them as they are super simple to use and can generate the HPKP results in seconds.