Deprecate HPKP, and support Expect-CT
Google deprecated HPKP in Chrome 67. There are several reasons behind this, and the main one seems to be HPKP's very low tolerance to mistakes. A misconfiguration in HPKP can be fatal: it may render the target website effectively inaccessible for a long time (until the pins expire). This is probably why most sites haven't adopted it. In late 2017, only 375 of the Alexa Top 1 Million sites deployed HPKP.
The proposed alternative is Certificate Transparency. The idea is that CAs log every new certificate they issue to a distributed public log. This log uses Merkle trees to organize the hashes of the certificates, and it is very efficient to query.
Then, instead of pinning keys, web servers send an Expect-CT HTTP header. This header tells the UA it should check whether the server's certificate has been appended to the CT log.
This is intended to provide the same security guarantees as HPKP, but removes a heavy burden from web site administrators. Their CA will typically append the certificates to the CT log whenever they are renewed.
https://www.certificate-transparency.org/
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
https://httpwg.org/http-extensions/expect-ct.html#response-header-field-syntax
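
A sketch of how a UA could parse the Expect-CT header value, added here as an example; it is not code from this project or from the draft. It assumes the directive set max-age, enforce and report-uri from the syntax section linked above, and simplifies the grammar (no backslash escapes in quoted strings, max-age accepted only as unquoted digits); the function name parse_expect_ct and the sample values are constructed.

```python
import re

TOKEN = r"[A-Za-z0-9!#$%&'*+.^_`|~-]+"            # HTTP token characters
DIRECTIVE = re.compile(                           # name[=token | ="quoted"]
    r"\s*(" + TOKEN + r')\s*(?:=\s*(?:"([^"\\]*)"|(' + TOKEN + r")))?\s*$")
ELEMENT = re.compile(r'(?:[^,"]|"[^"]*")+')       # comma split, quote-aware


def parse_expect_ct(value):
    """Return the policy as a dict, or None if the header must be ignored.

    A malformed header is dropped as a whole rather than repaired, so a
    typo by the site operator never turns into an enforced policy.
    """
    seen = {}
    for part in ELEMENT.findall(value):
        if not part.strip():
            continue                              # empty list element
        m = DIRECTIVE.match(part)
        if m is None:
            return None                           # syntax error
        name = m.group(1).lower()                 # names are case-insensitive
        if name in seen:
            return None                           # duplicate directive
        seen[name] = (m.group(2), m.group(3))     # (quoted, token)

    if "max-age" not in seen:
        return None                               # max-age is required
    _, token = seen["max-age"]
    if token is None or not re.fullmatch(r"[0-9]+", token):
        return None
    policy = {"max_age": int(token), "enforce": False, "report_uri": None}

    if "enforce" in seen:
        if seen["enforce"] != (None, None):
            return None                           # enforce takes no value
        policy["enforce"] = True
    if "report-uri" in seen:
        quoted, _ = seen["report-uri"]
        if not quoted:
            return None                           # must be a non-empty quoted string
        policy["report_uri"] = quoted
    return policy                                 # unknown directives are ignored


if __name__ == "__main__":
    # Constructed sample header value
    print(parse_expect_ct('max-age=86400, enforce, report-uri="https://example.test/ct"'))
```

A result with max_age equal to 0 is how a host asks the UA to forget a previously stored policy, so the caller should treat it as a removal rather than as a policy that expires immediately.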