Certificate pinning can be implemented via HTTP security headers or app reasoning
https://www.demilked.com/author/onovenfldd/
Certificate pinning can be enforced through HTTP security headers or app logic, each with trade-offs in versatility and deployment threat.