Spring Security Deprecate HPKP security header

Related https://github.com/spring-projects/spring-security/issues/4261

Expected Behavior

Since the HPKP HeaderSupport has been deprecated by the browsers in order to support Expect-CT security header, we should deprecate its DSL.

Current Behavior

Spring Security project supports Public-Key-Pins header.

Reference

https://scotthelme.co.uk/hpkp-is-no-more/ https://scotthelme.co.uk/a-new-security-header-expect-ct/

Comment From: marcusdacoregio

Thanks for bringing this up @jiheon-dev.

Since we already have #4261 to add the support for the Expect-CT header, we may transform this issue to deprecate the HPKP header.

Can we change the title to Deprecate HPKP security header, and change the description to add context about this change?

Comment From: jiheon-dev

Yes, I already changed issue title. If you have something to change about my issue context, you can change it anytime.

Thanks for reply my issue @marcusdacoregio