Align guidance on Public-Key-Pinning #107

Open
rbsec opened this issue Sep 6, 2019 · 2 comments


rbsec commented Sep 6, 2019

The web security guidance recommends the use of public key pinning on high value sites, with warnings about the risks of implementing it.

However, the MDN documentation for public key pinning states that it's deprecated and should not be used:

This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.

The headers are no longer supported from Chrome, and the MDN documentation recommends fairly strongly against it, so should it be removed from this guidance? If not, maybe MDN should be updated to match this so there's a consistent position on its use?

@atombrella
Contributor

@april


april commented May 5, 2020

Good call, I'll probably remove it entirely. I do need to update the Observatory at the same time.
