1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file contains the HSTS preloaded list in a machine readable format. 6 7 // The top-level element is a dictionary with two keys: "pinsets" maps details 8 // of certificate pinning to a name and "entries" contains the HSTS details for 9 // each host. 10 // 11 // "pinsets" is a list of objects. Each object has the following members: 12 // name: (string) the name of the pinset 13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes 14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden SPKIs hashes 15 // 16 // For a given pinset, a certifiacte is accepted if at least one of the 17 // "static_spki_hashes" SPKIs is found in the chain and none of the "bad_static_spki_hashes" SPKIs are. 18 // SPKIs are specified as names, which must match up with the file of 19 // certificates. 20 // 21 // "entries" is a list of objects. Each object has the following members: 22 // name: (string) the DNS name of the host in question 23 // include_subdomains: (optional bool) whether subdomains of |name| are also covered 24 // mode: (optional string) "force-https" iff covered names should require HTTPS 25 // pins: (optional string) the |name| member of an object in |pinsets| 26 // snionly: (optional bool) if true then this entry is only enforced if TLS is 27 // enabled because the site in question only serves the correct 28 // certificate if SNI is sent. Note that this only covers the case where 29 // TLS has been disabled by explicit configuration. If TLS was disabled 30 // because of SSLv3 fallback, then the entry is still in force and a 31 // fatal certificate error will result. Spurious certificate errors are 32 // an unfortunate result of SSLv3 fallback. 33 34 { 35 "pinsets": [ 36 { 37 "name": "test", 38 "static_spki_hashes": [ 39 "TestSPKI" 40 ] 41 }, 42 { 43 "name": "google", 44 "static_spki_hashes": [ 45 "VeriSignClass3", 46 "VeriSignClass3_G3", 47 "Google1024", 48 "Google2048", 49 "GoogleBackup1024", 50 "GoogleBackup2048", 51 "GoogleG2", 52 "EquifaxSecureCA", 53 "GeoTrustGlobal" 54 ], 55 "bad_static_spki_hashes": [ 56 "Aetna", 57 "Intel", 58 "TCTrustCenter", 59 "Vodafone" 60 ] 61 }, 62 { 63 "name": "tor", 64 "static_spki_hashes": [ 65 "RapidSSL", 66 "DigiCertEVRoot", 67 "Tor1", 68 "Tor2", 69 "Tor3" 70 ] 71 }, 72 { 73 "name": "twitterCom", 74 "static_spki_hashes": [ 75 "VeriSignClass1", 76 "VeriSignClass3", 77 "VeriSignClass3_G4", 78 "VeriSignClass4_G3", 79 "VeriSignClass3_G3", 80 "VeriSignClass1_G3", 81 "VeriSignClass2_G3", 82 "VeriSignClass3_G2", 83 "VeriSignClass2_G2", 84 "VeriSignClass3_G5", 85 "VeriSignUniversal", 86 "GeoTrustGlobal", 87 "GeoTrustGlobal2", 88 "GeoTrustUniversal", 89 "GeoTrustUniversal2", 90 "GeoTrustPrimary", 91 "GeoTrustPrimary_G2", 92 "GeoTrustPrimary_G3", 93 "Twitter1" 94 ] 95 }, 96 { 97 "name": "twitterCDN", 98 "static_spki_hashes": [ 99 "VeriSignClass1", 100 "VeriSignClass3", 101 "VeriSignClass3_G4", 102 "VeriSignClass4_G3", 103 "VeriSignClass3_G3", 104 "VeriSignClass1_G3", 105 "VeriSignClass2_G3", 106 "VeriSignClass3_G2", 107 "VeriSignClass2_G2", 108 "VeriSignClass3_G5", 109 "VeriSignUniversal", 110 "GeoTrustGlobal", 111 "GeoTrustGlobal2", 112 "GeoTrustUniversal", 113 "GeoTrustUniversal2", 114 "GeoTrustPrimary", 115 "GeoTrustPrimary_G2", 116 "GeoTrustPrimary_G3", 117 "Twitter1", 118 119 "Entrust_2048", 120 "Entrust_EV", 121 "Entrust_G2", 122 "Entrust_SSL", 123 "AAACertificateServices", 124 "AddTrustClass1CARoot", 125 "AddTrustExternalCARoot", 126 "AddTrustPublicCARoot", 127 "AddTrustQualifiedCARoot", 128 "COMODOCertificationAuthority", 129 "SecureCertificateServices", 130 "TrustedCertificateServices", 131 "UTNDATACorpSGC", 132 "UTNUSERFirstClientAuthenticationandEmail", 133 "UTNUSERFirstHardware", 134 "UTNUSERFirstObject", 135 "GTECyberTrustGlobalRoot" 136 ] 137 }, 138 { 139 "name": "tor2web", 140 "static_spki_hashes": [ 141 "AlphaSSL_G2", 142 "Tor2web" 143 ] 144 }, 145 { 146 "name": "cryptoCat", 147 "static_spki_hashes": [ 148 "DigiCertEVRoot", 149 "CryptoCat1" 150 ] 151 } 152 ], 153 154 "entries": [ 155 // Dummy entry to test certificate pinning. 156 { "name": "pinningtest.appspot.com", "include_subdomains": true, "pins": "test" }, 157 158 // (*.)google.com, iff using SSL, must use an acceptable certificate. 159 { "name": "google.com", "include_subdomains": true, "pins": "google" }, 160 161 // Now we force HTTPS for subtrees of google.com. 162 { "name": "health.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 163 { "name": "checkout.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 164 { "name": "chrome.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 165 { "name": "docs.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 166 { "name": "sites.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 167 { "name": "spreadsheets.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 168 { "name": "appengine.google.com", "mode": "force-https", "pins": "google" }, 169 { "name": "encrypted.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 170 { "name": "accounts.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 171 { "name": "profiles.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 172 { "name": "mail.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 173 { "name": "talkgadget.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 174 { "name": "talk.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 175 { "name": "hostedtalkgadget.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 176 { "name": "plus.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 177 { "name": "plus.sandbox.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 178 { "name": "script.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 179 { "name": "history.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 180 { "name": "security.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 181 182 // Other Google-related domains that must use HTTPS. 183 { "name": "market.android.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 184 { "name": "ssl.google-analytics.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 185 { "name": "drive.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 186 { "name": "googleplex.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 187 { "name": "groups.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 188 { "name": "apis.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 189 { "name": "chromiumcodereview.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 190 { "name": "chrome-devtools-frontend.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 191 { "name": "codereview.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 192 { "name": "codereview.chromium.org", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 193 { "name": "code.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 194 { "name": "googlecode.com", "include_subdomains": true, "pins": "google" }, 195 { "name": "dl.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 196 197 // chart.apis.google.com is *not* HSTS because the certificate doesn't match 198 // and there are lots of links out there that still use the name. The correct 199 // hostname for this is chart.googleapis.com. 200 { "name": "chart.apis.google.com", "include_subdomains": true, "pins": "google" }, 201 202 // Other Google-related domains that must use an acceptable certificate 203 // iff using SSL. 204 { "name": "ytimg.com", "include_subdomains": true, "pins": "google" }, 205 { "name": "googleusercontent.com", "include_subdomains": true, "pins": "google" }, 206 { "name": "youtube.com", "include_subdomains": true, "pins": "google" }, 207 { "name": "googleapis.com", "include_subdomains": true, "pins": "google" }, 208 { "name": "googleadservices.com", "include_subdomains": true, "pins": "google" }, 209 { "name": "appspot.com", "include_subdomains": true, "pins": "google" }, 210 { "name": "googlesyndication.com", "include_subdomains": true, "pins": "google" }, 211 { "name": "doubleclick.net", "include_subdomains": true, "pins": "google" }, 212 { "name": "ssl.gstatic.com", "include_subdomains": true, "pins": "google" }, 213 { "name": "youtu.be", "include_subdomains": true, "pins": "google" }, 214 { "name": "android.com", "include_subdomains": true, "pins": "google" }, 215 { "name": "googlecommerce.com", "include_subdomains": true, "pins": "google" }, 216 { "name": "urchin.com", "include_subdomains": true, "pins": "google" }, 217 { "name": "goo.gl", "include_subdomains": true, "pins": "google" }, 218 { "name": "g.co", "include_subdomains": true, "pins": "google" }, 219 { "name": "google.ac", "include_subdomains": true, "pins": "google" }, 220 { "name": "google.ad", "include_subdomains": true, "pins": "google" }, 221 { "name": "google.ae", "include_subdomains": true, "pins": "google" }, 222 { "name": "google.af", "include_subdomains": true, "pins": "google" }, 223 { "name": "google.ag", "include_subdomains": true, "pins": "google" }, 224 { "name": "google.am", "include_subdomains": true, "pins": "google" }, 225 { "name": "google.as", "include_subdomains": true, "pins": "google" }, 226 { "name": "google.at", "include_subdomains": true, "pins": "google" }, 227 { "name": "google.az", "include_subdomains": true, "pins": "google" }, 228 { "name": "google.ba", "include_subdomains": true, "pins": "google" }, 229 { "name": "google.be", "include_subdomains": true, "pins": "google" }, 230 { "name": "google.bf", "include_subdomains": true, "pins": "google" }, 231 { "name": "google.bg", "include_subdomains": true, "pins": "google" }, 232 { "name": "google.bi", "include_subdomains": true, "pins": "google" }, 233 { "name": "google.bj", "include_subdomains": true, "pins": "google" }, 234 { "name": "google.bs", "include_subdomains": true, "pins": "google" }, 235 { "name": "google.by", "include_subdomains": true, "pins": "google" }, 236 { "name": "google.ca", "include_subdomains": true, "pins": "google" }, 237 { "name": "google.cat", "include_subdomains": true, "pins": "google" }, 238 { "name": "google.cc", "include_subdomains": true, "pins": "google" }, 239 { "name": "google.cd", "include_subdomains": true, "pins": "google" }, 240 { "name": "google.cf", "include_subdomains": true, "pins": "google" }, 241 { "name": "google.cg", "include_subdomains": true, "pins": "google" }, 242 { "name": "google.ch", "include_subdomains": true, "pins": "google" }, 243 { "name": "google.ci", "include_subdomains": true, "pins": "google" }, 244 { "name": "google.cl", "include_subdomains": true, "pins": "google" }, 245 { "name": "google.cm", "include_subdomains": true, "pins": "google" }, 246 { "name": "google.cn", "include_subdomains": true, "pins": "google" }, 247 { "name": "google.co.ao", "include_subdomains": true, "pins": "google" }, 248 { "name": "google.co.bw", "include_subdomains": true, "pins": "google" }, 249 { "name": "google.co.ck", "include_subdomains": true, "pins": "google" }, 250 { "name": "google.co.cr", "include_subdomains": true, "pins": "google" }, 251 { "name": "google.co.hu", "include_subdomains": true, "pins": "google" }, 252 { "name": "google.co.id", "include_subdomains": true, "pins": "google" }, 253 { "name": "google.co.il", "include_subdomains": true, "pins": "google" }, 254 { "name": "google.co.im", "include_subdomains": true, "pins": "google" }, 255 { "name": "google.co.in", "include_subdomains": true, "pins": "google" }, 256 { "name": "google.co.je", "include_subdomains": true, "pins": "google" }, 257 { "name": "google.co.jp", "include_subdomains": true, "pins": "google" }, 258 { "name": "google.co.ke", "include_subdomains": true, "pins": "google" }, 259 { "name": "google.co.kr", "include_subdomains": true, "pins": "google" }, 260 { "name": "google.co.ls", "include_subdomains": true, "pins": "google" }, 261 { "name": "google.co.ma", "include_subdomains": true, "pins": "google" }, 262 { "name": "google.co.mz", "include_subdomains": true, "pins": "google" }, 263 { "name": "google.co.nz", "include_subdomains": true, "pins": "google" }, 264 { "name": "google.co.th", "include_subdomains": true, "pins": "google" }, 265 { "name": "google.co.tz", "include_subdomains": true, "pins": "google" }, 266 { "name": "google.co.ug", "include_subdomains": true, "pins": "google" }, 267 { "name": "google.co.uk", "include_subdomains": true, "pins": "google" }, 268 { "name": "google.co.uz", "include_subdomains": true, "pins": "google" }, 269 { "name": "google.co.ve", "include_subdomains": true, "pins": "google" }, 270 { "name": "google.co.vi", "include_subdomains": true, "pins": "google" }, 271 { "name": "google.co.za", "include_subdomains": true, "pins": "google" }, 272 { "name": "google.co.zm", "include_subdomains": true, "pins": "google" }, 273 { "name": "google.co.zw", "include_subdomains": true, "pins": "google" }, 274 { "name": "google.com.af", "include_subdomains": true, "pins": "google" }, 275 { "name": "google.com.ag", "include_subdomains": true, "pins": "google" }, 276 { "name": "google.com.ai", "include_subdomains": true, "pins": "google" }, 277 { "name": "google.com.ar", "include_subdomains": true, "pins": "google" }, 278 { "name": "google.com.au", "include_subdomains": true, "pins": "google" }, 279 { "name": "google.com.bd", "include_subdomains": true, "pins": "google" }, 280 { "name": "google.com.bh", "include_subdomains": true, "pins": "google" }, 281 { "name": "google.com.bn", "include_subdomains": true, "pins": "google" }, 282 { "name": "google.com.bo", "include_subdomains": true, "pins": "google" }, 283 { "name": "google.com.br", "include_subdomains": true, "pins": "google" }, 284 { "name": "google.com.by", "include_subdomains": true, "pins": "google" }, 285 { "name": "google.com.bz", "include_subdomains": true, "pins": "google" }, 286 { "name": "google.com.cn", "include_subdomains": true, "pins": "google" }, 287 { "name": "google.com.co", "include_subdomains": true, "pins": "google" }, 288 { "name": "google.com.cu", "include_subdomains": true, "pins": "google" }, 289 { "name": "google.com.cy", "include_subdomains": true, "pins": "google" }, 290 { "name": "google.com.do", "include_subdomains": true, "pins": "google" }, 291 { "name": "google.com.ec", "include_subdomains": true, "pins": "google" }, 292 { "name": "google.com.eg", "include_subdomains": true, "pins": "google" }, 293 { "name": "google.com.et", "include_subdomains": true, "pins": "google" }, 294 { "name": "google.com.fj", "include_subdomains": true, "pins": "google" }, 295 { "name": "google.com.ge", "include_subdomains": true, "pins": "google" }, 296 { "name": "google.com.gh", "include_subdomains": true, "pins": "google" }, 297 { "name": "google.com.gi", "include_subdomains": true, "pins": "google" }, 298 { "name": "google.com.gr", "include_subdomains": true, "pins": "google" }, 299 { "name": "google.com.gt", "include_subdomains": true, "pins": "google" }, 300 { "name": "google.com.hk", "include_subdomains": true, "pins": "google" }, 301 { "name": "google.com.iq", "include_subdomains": true, "pins": "google" }, 302 { "name": "google.com.jm", "include_subdomains": true, "pins": "google" }, 303 { "name": "google.com.jo", "include_subdomains": true, "pins": "google" }, 304 { "name": "google.com.kh", "include_subdomains": true, "pins": "google" }, 305 { "name": "google.com.kw", "include_subdomains": true, "pins": "google" }, 306 { "name": "google.com.lb", "include_subdomains": true, "pins": "google" }, 307 { "name": "google.com.ly", "include_subdomains": true, "pins": "google" }, 308 { "name": "google.com.mt", "include_subdomains": true, "pins": "google" }, 309 { "name": "google.com.mx", "include_subdomains": true, "pins": "google" }, 310 { "name": "google.com.my", "include_subdomains": true, "pins": "google" }, 311 { "name": "google.com.na", "include_subdomains": true, "pins": "google" }, 312 { "name": "google.com.nf", "include_subdomains": true, "pins": "google" }, 313 { "name": "google.com.ng", "include_subdomains": true, "pins": "google" }, 314 { "name": "google.com.ni", "include_subdomains": true, "pins": "google" }, 315 { "name": "google.com.np", "include_subdomains": true, "pins": "google" }, 316 { "name": "google.com.nr", "include_subdomains": true, "pins": "google" }, 317 { "name": "google.com.om", "include_subdomains": true, "pins": "google" }, 318 { "name": "google.com.pa", "include_subdomains": true, "pins": "google" }, 319 { "name": "google.com.pe", "include_subdomains": true, "pins": "google" }, 320 { "name": "google.com.ph", "include_subdomains": true, "pins": "google" }, 321 { "name": "google.com.pk", "include_subdomains": true, "pins": "google" }, 322 { "name": "google.com.pl", "include_subdomains": true, "pins": "google" }, 323 { "name": "google.com.pr", "include_subdomains": true, "pins": "google" }, 324 { "name": "google.com.py", "include_subdomains": true, "pins": "google" }, 325 { "name": "google.com.qa", "include_subdomains": true, "pins": "google" }, 326 { "name": "google.com.ru", "include_subdomains": true, "pins": "google" }, 327 { "name": "google.com.sa", "include_subdomains": true, "pins": "google" }, 328 { "name": "google.com.sb", "include_subdomains": true, "pins": "google" }, 329 { "name": "google.com.sg", "include_subdomains": true, "pins": "google" }, 330 { "name": "google.com.sl", "include_subdomains": true, "pins": "google" }, 331 { "name": "google.com.sv", "include_subdomains": true, "pins": "google" }, 332 { "name": "google.com.tj", "include_subdomains": true, "pins": "google" }, 333 { "name": "google.com.tn", "include_subdomains": true, "pins": "google" }, 334 { "name": "google.com.tr", "include_subdomains": true, "pins": "google" }, 335 { "name": "google.com.tw", "include_subdomains": true, "pins": "google" }, 336 { "name": "google.com.ua", "include_subdomains": true, "pins": "google" }, 337 { "name": "google.com.uy", "include_subdomains": true, "pins": "google" }, 338 { "name": "google.com.vc", "include_subdomains": true, "pins": "google" }, 339 { "name": "google.com.ve", "include_subdomains": true, "pins": "google" }, 340 { "name": "google.com.vn", "include_subdomains": true, "pins": "google" }, 341 { "name": "google.cv", "include_subdomains": true, "pins": "google" }, 342 { "name": "google.cz", "include_subdomains": true, "pins": "google" }, 343 { "name": "google.de", "include_subdomains": true, "pins": "google" }, 344 { "name": "google.dj", "include_subdomains": true, "pins": "google" }, 345 { "name": "google.dk", "include_subdomains": true, "pins": "google" }, 346 { "name": "google.dm", "include_subdomains": true, "pins": "google" }, 347 { "name": "google.dz", "include_subdomains": true, "pins": "google" }, 348 { "name": "google.ee", "include_subdomains": true, "pins": "google" }, 349 { "name": "google.es", "include_subdomains": true, "pins": "google" }, 350 { "name": "google.fi", "include_subdomains": true, "pins": "google" }, 351 { "name": "google.fm", "include_subdomains": true, "pins": "google" }, 352 { "name": "google.fr", "include_subdomains": true, "pins": "google" }, 353 { "name": "google.ga", "include_subdomains": true, "pins": "google" }, 354 { "name": "google.ge", "include_subdomains": true, "pins": "google" }, 355 { "name": "google.gg", "include_subdomains": true, "pins": "google" }, 356 { "name": "google.gl", "include_subdomains": true, "pins": "google" }, 357 { "name": "google.gm", "include_subdomains": true, "pins": "google" }, 358 { "name": "google.gp", "include_subdomains": true, "pins": "google" }, 359 { "name": "google.gr", "include_subdomains": true, "pins": "google" }, 360 { "name": "google.gy", "include_subdomains": true, "pins": "google" }, 361 { "name": "google.hk", "include_subdomains": true, "pins": "google" }, 362 { "name": "google.hn", "include_subdomains": true, "pins": "google" }, 363 { "name": "google.hr", "include_subdomains": true, "pins": "google" }, 364 { "name": "google.ht", "include_subdomains": true, "pins": "google" }, 365 { "name": "google.hu", "include_subdomains": true, "pins": "google" }, 366 { "name": "google.ie", "include_subdomains": true, "pins": "google" }, 367 { "name": "google.im", "include_subdomains": true, "pins": "google" }, 368 { "name": "google.info", "include_subdomains": true, "pins": "google" }, 369 { "name": "google.iq", "include_subdomains": true, "pins": "google" }, 370 { "name": "google.is", "include_subdomains": true, "pins": "google" }, 371 { "name": "google.it", "include_subdomains": true, "pins": "google" }, 372 { "name": "google.it.ao", "include_subdomains": true, "pins": "google" }, 373 { "name": "google.je", "include_subdomains": true, "pins": "google" }, 374 { "name": "google.jo", "include_subdomains": true, "pins": "google" }, 375 { "name": "google.jobs", "include_subdomains": true, "pins": "google" }, 376 { "name": "google.jp", "include_subdomains": true, "pins": "google" }, 377 { "name": "google.kg", "include_subdomains": true, "pins": "google" }, 378 { "name": "google.ki", "include_subdomains": true, "pins": "google" }, 379 { "name": "google.kz", "include_subdomains": true, "pins": "google" }, 380 { "name": "google.la", "include_subdomains": true, "pins": "google" }, 381 { "name": "google.li", "include_subdomains": true, "pins": "google" }, 382 { "name": "google.lk", "include_subdomains": true, "pins": "google" }, 383 { "name": "google.lt", "include_subdomains": true, "pins": "google" }, 384 { "name": "google.lu", "include_subdomains": true, "pins": "google" }, 385 { "name": "google.lv", "include_subdomains": true, "pins": "google" }, 386 { "name": "google.md", "include_subdomains": true, "pins": "google" }, 387 { "name": "google.me", "include_subdomains": true, "pins": "google" }, 388 { "name": "google.mg", "include_subdomains": true, "pins": "google" }, 389 { "name": "google.mk", "include_subdomains": true, "pins": "google" }, 390 { "name": "google.ml", "include_subdomains": true, "pins": "google" }, 391 { "name": "google.mn", "include_subdomains": true, "pins": "google" }, 392 { "name": "google.ms", "include_subdomains": true, "pins": "google" }, 393 { "name": "google.mu", "include_subdomains": true, "pins": "google" }, 394 { "name": "google.mv", "include_subdomains": true, "pins": "google" }, 395 { "name": "google.mw", "include_subdomains": true, "pins": "google" }, 396 { "name": "google.ne", "include_subdomains": true, "pins": "google" }, 397 { "name": "google.ne.jp", "include_subdomains": true, "pins": "google" }, 398 { "name": "google.net", "include_subdomains": true, "pins": "google" }, 399 { "name": "google.nl", "include_subdomains": true, "pins": "google" }, 400 { "name": "google.no", "include_subdomains": true, "pins": "google" }, 401 { "name": "google.nr", "include_subdomains": true, "pins": "google" }, 402 { "name": "google.nu", "include_subdomains": true, "pins": "google" }, 403 { "name": "google.off.ai", "include_subdomains": true, "pins": "google" }, 404 { "name": "google.pk", "include_subdomains": true, "pins": "google" }, 405 { "name": "google.pl", "include_subdomains": true, "pins": "google" }, 406 { "name": "google.pn", "include_subdomains": true, "pins": "google" }, 407 { "name": "google.ps", "include_subdomains": true, "pins": "google" }, 408 { "name": "google.pt", "include_subdomains": true, "pins": "google" }, 409 { "name": "google.ro", "include_subdomains": true, "pins": "google" }, 410 { "name": "google.rs", "include_subdomains": true, "pins": "google" }, 411 { "name": "google.ru", "include_subdomains": true, "pins": "google" }, 412 { "name": "google.rw", "include_subdomains": true, "pins": "google" }, 413 { "name": "google.sc", "include_subdomains": true, "pins": "google" }, 414 { "name": "google.se", "include_subdomains": true, "pins": "google" }, 415 { "name": "google.sh", "include_subdomains": true, "pins": "google" }, 416 { "name": "google.si", "include_subdomains": true, "pins": "google" }, 417 { "name": "google.sk", "include_subdomains": true, "pins": "google" }, 418 { "name": "google.sm", "include_subdomains": true, "pins": "google" }, 419 { "name": "google.sn", "include_subdomains": true, "pins": "google" }, 420 { "name": "google.so", "include_subdomains": true, "pins": "google" }, 421 { "name": "google.st", "include_subdomains": true, "pins": "google" }, 422 { "name": "google.td", "include_subdomains": true, "pins": "google" }, 423 { "name": "google.tg", "include_subdomains": true, "pins": "google" }, 424 { "name": "google.tk", "include_subdomains": true, "pins": "google" }, 425 { "name": "google.tl", "include_subdomains": true, "pins": "google" }, 426 { "name": "google.tm", "include_subdomains": true, "pins": "google" }, 427 { "name": "google.tn", "include_subdomains": true, "pins": "google" }, 428 { "name": "google.to", "include_subdomains": true, "pins": "google" }, 429 { "name": "google.tp", "include_subdomains": true, "pins": "google" }, 430 { "name": "google.tt", "include_subdomains": true, "pins": "google" }, 431 { "name": "google.us", "include_subdomains": true, "pins": "google" }, 432 { "name": "google.uz", "include_subdomains": true, "pins": "google" }, 433 { "name": "google.vg", "include_subdomains": true, "pins": "google" }, 434 { "name": "google.vu", "include_subdomains": true, "pins": "google" }, 435 { "name": "google.ws", "include_subdomains": true, "pins": "google" }, 436 // Exclude the learn.doubleclick.net subdomain because it uses a different 437 // CA. 438 { "name": "learn.doubleclick.net", "include_subdomains": true }, 439 440 // Force HTTPS for sites that have requested it. 441 { "name": "www.paypal.com", "mode": "force-https" }, 442 { "name": "paypal.com", "mode": "force-https" }, 443 { "name": "www.elanex.biz", "mode": "force-https" }, 444 { "name": "jottit.com", "include_subdomains": true, "mode": "force-https" }, 445 { "name": "sunshinepress.org", "include_subdomains": true, "mode": "force-https" }, 446 { "name": "www.noisebridge.net", "mode": "force-https" }, 447 { "name": "neg9.org", "mode": "force-https" }, 448 { "name": "riseup.net", "include_subdomains": true, "mode": "force-https" }, 449 { "name": "factor.cc", "mode": "force-https" }, 450 { "name": "members.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 451 { "name": "support.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 452 { "name": "id.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 453 { "name": "lists.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 454 { "name": "webmail.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 455 { "name": "roundcube.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 456 { "name": "aladdinschools.appspot.com", "mode": "force-https" }, 457 { "name": "ottospora.nl", "include_subdomains": true, "mode": "force-https" }, 458 { "name": "www.paycheckrecords.com", "mode": "force-https" }, 459 { "name": "lastpass.com", "mode": "force-https" }, 460 { "name": "www.lastpass.com", "mode": "force-https" }, 461 { "name": "keyerror.com", "include_subdomains": true, "mode": "force-https" }, 462 { "name": "entropia.de", "mode": "force-https" }, 463 { "name": "www.entropia.de", "mode": "force-https" }, 464 { "name": "romab.com", "include_subdomains": true, "mode": "force-https" }, 465 { "name": "logentries.com", "mode": "force-https" }, 466 { "name": "www.logentries.com", "mode": "force-https" }, 467 { "name": "stripe.com", "include_subdomains": true, "mode": "force-https" }, 468 { "name": "cloudsecurityalliance.org", "include_subdomains": true, "mode": "force-https" }, 469 { "name": "login.sapo.pt", "include_subdomains": true, "mode": "force-https" }, 470 { "name": "mattmccutchen.net", "include_subdomains": true, "mode": "force-https" }, 471 { "name": "betnet.fr", "include_subdomains": true, "mode": "force-https" }, 472 { "name": "uprotect.it", "include_subdomains": true, "mode": "force-https" }, 473 { "name": "squareup.com", "mode": "force-https" }, 474 { "name": "square.com", "include_subdomains": true, "mode": "force-https" }, 475 { "name": "cert.se", "include_subdomains": true, "mode": "force-https" }, 476 { "name": "crypto.is", "include_subdomains": true, "mode": "force-https" }, 477 { "name": "simon.butcher.name", "include_subdomains": true, "mode": "force-https" }, 478 { "name": "linx.net", "include_subdomains": true, "mode": "force-https" }, 479 { "name": "dropcam.com", "mode": "force-https" }, 480 { "name": "www.dropcam.com", "mode": "force-https" }, 481 { "name": "ebanking.indovinabank.com.vn", "include_subdomains": true, "mode": "force-https" }, 482 { "name": "epoxate.com", "mode": "force-https" }, 483 { "name": "torproject.org", "mode": "force-https", "pins": "tor" }, 484 { "name": "blog.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 485 { "name": "check.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 486 { "name": "www.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 487 { "name": "dist.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 488 { "name": "www.moneybookers.com", "include_subdomains": true, "mode": "force-https" }, 489 { "name": "ledgerscope.net", "mode": "force-https" }, 490 { "name": "www.ledgerscope.net", "mode": "force-https" }, 491 { "name": "app.recurly.com", "include_subdomains": true, "mode": "force-https" }, 492 { "name": "api.recurly.com", "include_subdomains": true, "mode": "force-https" }, 493 { "name": "greplin.com", "mode": "force-https" }, 494 { "name": "www.greplin.com", "mode": "force-https" }, 495 { "name": "luneta.nearbuysystems.com", "include_subdomains": true, "mode": "force-https" }, 496 { "name": "ubertt.org", "include_subdomains": true, "mode": "force-https" }, 497 { "name": "pixi.me", "include_subdomains": true, "mode": "force-https" }, 498 { "name": "grepular.com", "include_subdomains": true, "mode": "force-https" }, 499 { "name": "mydigipass.com", "mode": "force-https" }, 500 { "name": "www.mydigipass.com", "mode": "force-https" }, 501 { "name": "developer.mydigipass.com", "mode": "force-https" }, 502 { "name": "www.developer.mydigipass.com", "mode": "force-https" }, 503 { "name": "sandbox.mydigipass.com", "mode": "force-https" }, 504 { "name": "www.sandbox.mydigipass.com", "mode": "force-https" }, 505 { "name": "crypto.cat", "mode": "force-https", "pins": "cryptoCat" }, 506 { "name": "bigshinylock.minazo.net", "include_subdomains": true, "mode": "force-https" }, 507 { "name": "crate.io", "include_subdomains": true, "mode": "force-https" }, 508 { "name": "twitter.com", "mode": "force-https", "pins": "twitterCom" }, 509 { "name": "www.twitter.com", "include_subdomains": true, "mode": "force-https", "pins": "twitterCom" }, 510 { "name": "api.twitter.com", "include_subdomains": true, "pins": "twitterCDN" }, 511 { "name": "oauth.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 512 { "name": "mobile.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 513 { "name": "dev.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 514 { "name": "business.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 515 { "name": "platform.twitter.com", "include_subdomains": true, "pins": "twitterCDN" }, 516 { "name": "si0.twimg.com", "include_subdomains": true, "pins": "twitterCDN" }, 517 { "name": "twimg0-a.akamaihd.net", "include_subdomains": true, "pins": "twitterCDN" }, 518 { "name": "braintreegateway.com", "include_subdomains": true, "mode": "force-https" }, 519 { "name": "braintreepayments.com", "mode": "force-https" }, 520 { "name": "www.braintreepayments.com", "mode": "force-https" }, 521 { "name": "emailprivacytester.com", "mode": "force-https" }, 522 { "name": "tor2web.org", "include_subdomains": true, "pins": "tor2web" }, 523 { "name": "business.medbank.com.mt", "include_subdomains": true, "mode": "force-https" }, 524 { "name": "arivo.com.br", "include_subdomains": true, "mode": "force-https" }, 525 { "name": "www.apollo-auto.com", "include_subdomains": true, "mode": "force-https" }, 526 { "name": "www.cueup.com", "include_subdomains": true, "mode": "force-https" }, 527 { "name": "jitsi.org", "mode": "force-https" }, 528 { "name": "www.jitsi.org", "mode": "force-https" }, 529 { "name": "download.jitsi.org", "mode": "force-https" }, 530 { "name": "sol.io", "include_subdomains": true, "mode": "force-https" }, 531 { "name": "irccloud.com", "mode": "force-https" }, 532 { "name": "www.irccloud.com", "mode": "force-https" }, 533 { "name": "alpha.irccloud.com", "mode": "force-https" }, 534 { "name": "passwd.io", "include_subdomains": true, "mode": "force-https" }, 535 { "name": "browserid.org", "include_subdomains": true, "mode": "force-https" }, 536 { "name": "login.persona.org", "include_subdomains": true, "mode": "force-https" }, 537 { "name": "neonisi.com", "mode": "force-https" }, 538 { "name": "www.neonisi.com", "include_subdomains": true, "mode": "force-https" }, 539 { "name": "shops.neonisi.com", "include_subdomains": true, "mode": "force-https" }, 540 { "name": "piratenlogin.de", "include_subdomains": true, "mode": "force-https" }, 541 { "name": "howrandom.org", "include_subdomains": true, "mode": "force-https" }, 542 { "name": "intercom.io", "mode": "force-https" }, 543 { "name": "api.intercom.io", "mode": "force-https" }, 544 { "name": "www.intercom.io", "mode": "force-https" }, 545 { "name": "fatzebra.com.au", "include_subdomains": true, "mode": "force-https" }, 546 { "name": "csawctf.poly.edu", "include_subdomains": true, "mode": "force-https" }, 547 { "name": "makeyourlaws.org", "mode": "force-https" }, 548 { "name": "www.makeyourlaws.org", "mode": "force-https" }, 549 { "name": "iop.intuit.com", "include_subdomains": true, "mode": "force-https" }, 550 { "name": "surfeasy.com", "mode": "force-https" }, 551 { "name": "www.surfeasy.com", "mode": "force-https" }, 552 { "name": "packagist.org", "mode": "force-https" }, 553 { "name": "lookout.com", "mode": "force-https" }, 554 { "name": "www.lookout.com", "mode": "force-https" }, 555 { "name": "mylookout.com", "mode": "force-https" }, 556 { "name": "www.mylookout.com", "mode": "force-https" }, 557 { "name": "dm.lookout.com", "mode": "force-https" }, 558 { "name": "dm.mylookout.com", "mode": "force-https" }, 559 { "name": "itriskltd.com", "include_subdomains": true, "mode": "force-https" }, 560 { "name": "stocktrade.de", "include_subdomains": true, "mode": "force-https" }, 561 { "name": "openshift.redhat.com", "include_subdomains": true, "mode": "force-https" }, 562 { "name": "therapynotes.com", "mode": "force-https" }, 563 { "name": "www.therapynotes.com", "mode": "force-https" }, 564 { "name": "wiz.biz", "include_subdomains": true, "mode": "force-https" }, 565 { "name": "my.onlime.ch", "include_subdomains": true, "mode": "force-https" }, 566 { "name": "webmail.onlime.ch", "include_subdomains": true, "mode": "force-https" }, 567 { "name": "crm.onlime.ch", "include_subdomains": true, "mode": "force-https" }, 568 { "name": "www.gov.uk", "include_subdomains": true, "mode": "force-https" }, 569 { "name": "silentcircle.com", "include_subdomains": true, "mode": "force-https" }, 570 { "name": "silentcircle.org", "include_subdomains": true, "mode": "force-https" }, 571 { "name": "serverdensity.io", "include_subdomains": true, "mode": "force-https" }, 572 { "name": "my.alfresco.com", "include_subdomains": true, "mode": "force-https" }, 573 { "name": "webmail.gigahost.dk", "include_subdomains": true, "mode": "force-https" }, 574 { "name": "paymill.com", "include_subdomains": true, "mode": "force-https" }, 575 { "name": "paymill.de", "include_subdomains": true, "mode": "force-https" }, 576 { "name": "gocardless.com", "include_subdomains": true, "mode": "force-https" }, 577 { "name": "espra.com", "include_subdomains": true, "mode": "force-https" }, 578 { "name": "zoo24.de", "include_subdomains": true, "mode": "force-https" }, 579 { "name": "mega.co.nz", "mode": "force-https" }, 580 { "name": "api.mega.co.nz", "include_subdomains": true, "mode": "force-https" }, 581 { "name": "lockify.com", "include_subdomains": true, "mode": "force-https" }, 582 { "name": "writeapp.me", "mode": "force-https" }, 583 { "name": "bugzilla.mozilla.org", "include_subdomains": true, "mode": "force-https" }, 584 { "name": "members.nearlyfreespeech.net", "include_subdomains": true, "mode": "force-https" }, 585 { "name": "ssl.panoramio.com", "mode": "force-https" }, 586 { "name": "kiwiirc.com", "mode": "force-https" }, 587 { "name": "pay.gigahost.dk", "include_subdomains": true, "mode": "force-https" }, 588 { "name": "controlcenter.gigahost.dk", "include_subdomains": true, "mode": "force-https" }, 589 { "name": "simple.com", "mode": "force-https" }, 590 { "name": "www.simple.com", "mode": "force-https" }, 591 { "name": "fj.simple.com", "mode": "force-https" }, 592 { "name": "api.simple.com", "mode": "force-https" }, 593 { "name": "bank.simple.com", "include_subdomains": true, "mode": "force-https" }, 594 { "name": "bassh.net", "include_subdomains": true, "mode": "force-https" }, 595 { "name": "sah3.net", "include_subdomains": true, "mode": "force-https" }, 596 { "name": "grc.com", "mode": "force-https" }, 597 { "name": "www.grc.com", "mode": "force-https" }, 598 { "name": "linode.com", "mode": "force-https" }, 599 { "name": "www.linode.com", "mode": "force-https" }, 600 { "name": "manager.linode.com", "mode": "force-https" }, 601 { "name": "blog.linode.com", "mode": "force-https" }, 602 { "name": "library.linode.com", "mode": "force-https" }, 603 { "name": "forum.linode.com", "mode": "force-https" }, 604 { "name": "p.linode.com", "mode": "force-https" }, 605 { "name": "paste.linode.com", "mode": "force-https" }, 606 { "name": "pastebin.linode.com", "mode": "force-https" }, 607 { "name": "inertianetworks.com", "include_subdomains": true, "mode": "force-https" }, 608 { "name": "carezone.com", "mode": "force-https" }, 609 { "name": "conformal.com", "include_subdomains": true, "mode": "force-https" }, 610 { "name": "cyphertite.com", "include_subdomains": true, "mode": "force-https" }, 611 { "name": "logotype.se", "include_subdomains": true, "mode": "force-https" }, 612 { "name": "bccx.com", "include_subdomains": true, "mode": "force-https" }, 613 { "name": "launchkey.com", "include_subdomains": true, "mode": "force-https" }, 614 { "name": "carlolly.co.uk", "include_subdomains": true, "mode": "force-https" }, 615 { "name": "www.cyveillance.com", "include_subdomains": true, "mode": "force-https" }, 616 { "name": "blog.cyveillance.com", "include_subdomains": true, "mode": "force-https" }, 617 { "name": "whonix.org", "include_subdomains": true, "mode": "force-https" }, 618 { "name": "blueseed.co", "include_subdomains": true, "mode": "force-https" }, 619 { "name": "forum.quantifiedself.com", "include_subdomains": true, "mode": "force-https" }, 620 { "name": "shodan.io", "include_subdomains": true, "mode": "force-https" }, 621 { "name": "rapidresearch.me", "include_subdomains": true, "mode": "force-https" }, 622 { "name": "surkatty.org", "include_subdomains": true, "mode": "force-https" }, 623 { "name": "securityheaders.com", "include_subdomains": true, "mode": "force-https" }, 624 { "name": "haste.ch", "include_subdomains": true, "mode": "force-https" }, 625 { "name": "mudcrab.us", "include_subdomains": true, "mode": "force-https" }, 626 { "name": "mediacru.sh", "include_subdomains": true, "mode": "force-https" }, 627 628 // Entries that are only valid if the client supports SNI. 629 { "name": "gmail.com", "mode": "force-https", "pins": "google", "snionly": true }, 630 { "name": "googlemail.com", "mode": "force-https", "pins": "google", "snionly": true }, 631 { "name": "www.gmail.com", "mode": "force-https", "pins": "google", "snionly": true }, 632 { "name": "www.googlemail.com", "mode": "force-https", "pins": "google", "snionly": true }, 633 { "name": "google-analytics.com", "include_subdomains": true, "pins": "google", "snionly": true }, 634 { "name": "googlegroups.com", "include_subdomains": true, "pins": "google", "snionly": true } 635 ] 636 } 637
