When implemented, HPKP would send a special HTTP header instructing the browser to associate a specific cryptographic public key with the website for a given period. If, in subsequent connections, the website presented a different key, the browser would reject the connection. However, due to potential risks and complexity, HPKP has been deprecated in favor of other security mechanisms like Certificate Transparency.