RFC 7469, "Public Key Pinning Extension for HTTP", April 2015Source of RFC: websec (app)
Errata ID: 5377
Publication Format(s) : TEXT
Reported By: Julian Reschke
Date Reported: 2018-06-02
Section 2.3.4 says:
2.3.4. HTTP-Equiv <Meta> Element Attribute UAs MUST NOT heed http-equiv="Public-Key-Pins" or http-equiv="Public-Key-Pins-Report-Only" attribute settings on <meta> elements [W3C.REC-html401-19991224] in received content.
It should say:
(remove the section)
The spec attempts to make a normative requirement on HTML consumers. It can't do that; that's the role of the HTML spec.
In addition to that, this is already covered by what recent HTML specs say about http-equiv extensibility.