From 9390e35d65e43d80117b7c1cded32bea71c4af43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=98=83=20Stephen=20Shkardoon=20=E2=98=83?=
 <ss23@ss23.geek.nz>
Date: Thu, 16 Mar 2023 21:16:09 +1300
Subject: [PATCH] Remove `Public-Key-Pins` related headers

While deprecated, it may be good practice to remove these headers to help prevent any reported violations.
---
 core/http_proxy.go | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/core/http_proxy.go b/core/http_proxy.go
index 6a5de8fdd..7670e95ac 100644
--- a/core/http_proxy.go
+++ b/core/http_proxy.go
@@ -619,6 +619,8 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 			var rm_headers = []string{
 				"Content-Security-Policy",
 				"Content-Security-Policy-Report-Only",
+				"Public-Key-Pins",
+				"Public-Key-Pins-Report-Only",
 				"Strict-Transport-Security",
 				"X-XSS-Protection",
 				"X-Content-Type-Options",