Powerful attackers, such as intelligence agencies, can create a signature with the help of a certification agency that is accepted by users. To prevent this, a website can be configured so that the [[CertifcateCertificate|certificate]] must be saved permanently (pinning) when it is called up for the first time. If [https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning Key Pinning] is used, only the saved certificate will be accepted for the period of time specified by the website.