
To what level does Tor support certificate pinning (aka HPKP, key pinning)?

It is my understanding that HPKP is implemented as a cookie and can be used as a "super cookie", and thus it would be cleared across restarts. The documentation is less clear on this, and a test website claims it's not working at all.

Answers should include whether the cookie survives across restarts. Bonus points for insight on whether it will be supported in the future.

Indolering

1 Answer


The current version of the Tor browser (4.5) is based on Mozilla Firefox 31.

HPKP was implemented in Firefox 36 according to https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning

So the current version doesn't support HPKP.

But the next one (based on Firefox 38) will probably support it.

One last thing: HPKP is not implemented as a cookie. It can be (mis)used as a "super cookie" (something that is NOT a cookie but can store information in a more durable way), in the same way as HSTS.

The next part is just speculation about the future implementation:

Tom