1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file contains the HSTS preloaded list in a machine readable format. 6 7 // The top-level element is a dictionary with two keys: "pinsets" maps details 8 // of certificate pinning to a name and "entries" contains the HSTS details for 9 // each host. 10 // 11 // "pinsets" is a list of objects. Each object has the following members: 12 // name: (string) the name of the pinset 13 // static_spki_hashes: (list of strings) the set of allowed SPKIs hashes 14 // bad_static_spki_hashes: (optional list of strings) the set of forbidden SPKIs hashes 15 // 16 // For a given pinset, a certifiacte is accepted if at least one of the 17 // "static_spki_hashes" SPKIs is found in the chain and none of the "bad_static_spki_hashes" SPKIs are. 18 // SPKIs are specified as names, which must match up with the file of 19 // certificates. 20 // 21 // "entries" is a list of objects. Each object has the following members: 22 // name: (string) the DNS name of the host in question 23 // include_subdomains: (optional bool) whether subdomains of |name| are also covered 24 // mode: (optional string) "force-https" iff covered names should require HTTPS 25 // pins: (optional string) the |name| member of an object in |pinsets| 26 // snionly: (optional bool) if true then this entry is only enforced if TLS is 27 // enabled because the site in question only serves the correct 28 // certificate if SNI is sent. Note that this only covers the case where 29 // TLS has been disabled by explicit configuration. If TLS was disabled 30 // because of SSLv3 fallback, then the entry is still in force and a 31 // fatal certificate error will result. Spurious certificate errors are 32 // an unfortunate result of SSLv3 fallback. 33 34 { 35 "pinsets": [ 36 { 37 "name": "test", 38 "static_spki_hashes": [ 39 "TestSPKI" 40 ] 41 }, 42 { 43 "name": "google", 44 "static_spki_hashes": [ 45 "GoogleBackup2048", 46 "GoogleG2" 47 ] 48 }, 49 { 50 "name": "tor", 51 "static_spki_hashes": [ 52 "RapidSSL", 53 "DigiCertEVRoot", 54 "Tor1", 55 "Tor2", 56 "Tor3" 57 ] 58 }, 59 { 60 "name": "twitterCom", 61 "static_spki_hashes": [ 62 "VeriSignClass1", 63 "VeriSignClass3", 64 "VeriSignClass3_G4", 65 "VeriSignClass4_G3", 66 "VeriSignClass3_G3", 67 "VeriSignClass1_G3", 68 "VeriSignClass2_G3", 69 "VeriSignClass3_G2", 70 "VeriSignClass2_G2", 71 "VeriSignClass3_G5", 72 "VeriSignUniversal", 73 "GeoTrustGlobal", 74 "GeoTrustGlobal2", 75 "GeoTrustUniversal", 76 "GeoTrustUniversal2", 77 "GeoTrustPrimary", 78 "GeoTrustPrimary_G2", 79 "GeoTrustPrimary_G3", 80 "DigiCertGlobalRoot", 81 "DigiCertEVRoot", 82 "DigiCertAssuredIDRoot", 83 "Twitter1" 84 ] 85 }, 86 { 87 "name": "twitterCDN", 88 "static_spki_hashes": [ 89 "VeriSignClass1", 90 "VeriSignClass3", 91 "VeriSignClass3_G4", 92 "VeriSignClass4_G3", 93 "VeriSignClass3_G3", 94 "VeriSignClass1_G3", 95 "VeriSignClass2_G3", 96 "VeriSignClass3_G2", 97 "VeriSignClass2_G2", 98 "VeriSignClass3_G5", 99 "VeriSignUniversal", 100 "GeoTrustGlobal", 101 "GeoTrustGlobal2", 102 "GeoTrustUniversal", 103 "GeoTrustUniversal2", 104 "GeoTrustPrimary", 105 "GeoTrustPrimary_G2", 106 "GeoTrustPrimary_G3", 107 "DigiCertGlobalRoot", 108 "DigiCertEVRoot", 109 "DigiCertAssuredIDRoot", 110 "Twitter1", 111 112 "Entrust_2048", 113 "Entrust_EV", 114 "Entrust_G2", 115 "Entrust_SSL", 116 "AAACertificateServices", 117 "AddTrustClass1CARoot", 118 "AddTrustExternalCARoot", 119 "AddTrustPublicCARoot", 120 "AddTrustQualifiedCARoot", 121 "COMODOCertificationAuthority", 122 "SecureCertificateServices", 123 "TrustedCertificateServices", 124 "UTNDATACorpSGC", 125 "UTNUSERFirstClientAuthenticationandEmail", 126 "UTNUSERFirstHardware", 127 "UTNUSERFirstObject", 128 "GTECyberTrustGlobalRoot", 129 "BaltimoreCyberTrustRoot", 130 "GlobalSignRootCA", 131 "GlobalSignRootCA_R2", 132 "GlobalSignRootCA_R3" 133 ] 134 }, 135 { 136 "name": "tor2web", 137 "static_spki_hashes": [ 138 "AlphaSSL_G2", 139 "Tor2web" 140 ] 141 }, 142 { 143 "name": "cryptoCat", 144 "static_spki_hashes": [ 145 "DigiCertEVRoot", 146 "CryptoCat1" 147 ] 148 }, 149 { 150 "name": "lavabit", 151 "static_spki_hashes": [ 152 "Libertylavabitcom" 153 ] 154 } 155 ], 156 157 "entries": [ 158 // Dummy entry to test certificate pinning. 159 { "name": "pinningtest.appspot.com", "include_subdomains": true, "pins": "test" }, 160 161 // (*.)google.com, iff using SSL, must use an acceptable certificate. 162 { "name": "google.com", "include_subdomains": true, "pins": "google" }, 163 164 // Now we force HTTPS for subtrees of google.com. 165 { "name": "wallet.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 166 { "name": "checkout.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 167 { "name": "chrome.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 168 { "name": "docs.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 169 { "name": "sites.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 170 { "name": "spreadsheets.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 171 { "name": "appengine.google.com", "mode": "force-https", "pins": "google" }, 172 { "name": "encrypted.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 173 { "name": "accounts.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 174 { "name": "profiles.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 175 { "name": "mail.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 176 { "name": "talkgadget.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 177 { "name": "talk.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 178 { "name": "hostedtalkgadget.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 179 { "name": "plus.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 180 { "name": "plus.sandbox.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 181 { "name": "script.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 182 { "name": "history.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 183 { "name": "security.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 184 { "name": "goto.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 185 { "name": "cloud.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 186 { "name": "glass.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 187 // play.google.com doesn't have include_subdomains because of crbug.com/327834. 188 { "name": "play.google.com", "mode": "force-https", "pins": "google" }, 189 190 // Other Google-related domains that must use HTTPS. 191 { "name": "market.android.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 192 { "name": "ssl.google-analytics.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 193 { "name": "drive.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 194 { "name": "googleplex.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 195 { "name": "groups.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 196 { "name": "apis.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 197 { "name": "chromiumcodereview.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 198 { "name": "chrome-devtools-frontend.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 199 { "name": "codereview.appspot.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 200 { "name": "codereview.chromium.org", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 201 { "name": "code.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 202 { "name": "googlecode.com", "include_subdomains": true, "pins": "google" }, 203 { "name": "dl.google.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 204 { "name": "translate.googleapis.com", "include_subdomains": true, "mode": "force-https", "pins": "google" }, 205 206 // chart.apis.google.com is *not* HSTS because the certificate doesn't match 207 // and there are lots of links out there that still use the name. The correct 208 // hostname for this is chart.googleapis.com. 209 { "name": "chart.apis.google.com", "include_subdomains": true, "pins": "google" }, 210 211 // Other Google-related domains that must use an acceptable certificate 212 // iff using SSL. 213 { "name": "ytimg.com", "include_subdomains": true, "pins": "google" }, 214 { "name": "googleusercontent.com", "include_subdomains": true, "pins": "google" }, 215 { "name": "youtube.com", "include_subdomains": true, "pins": "google" }, 216 { "name": "googleapis.com", "include_subdomains": true, "pins": "google" }, 217 { "name": "googleadservices.com", "include_subdomains": true, "pins": "google" }, 218 { "name": "appspot.com", "include_subdomains": true, "pins": "google" }, 219 { "name": "googlesyndication.com", "include_subdomains": true, "pins": "google" }, 220 { "name": "doubleclick.net", "include_subdomains": true, "pins": "google" }, 221 { "name": "gstatic.com", "include_subdomains": true, "pins": "google" }, 222 { "name": "youtu.be", "include_subdomains": true, "pins": "google" }, 223 { "name": "android.com", "include_subdomains": true, "pins": "google" }, 224 { "name": "googlecommerce.com", "include_subdomains": true, "pins": "google" }, 225 { "name": "urchin.com", "include_subdomains": true, "pins": "google" }, 226 { "name": "goo.gl", "include_subdomains": true, "pins": "google" }, 227 { "name": "g.co", "include_subdomains": true, "pins": "google" }, 228 { "name": "googletagmanager.com", "include_subdomains": true, "pins": "google" }, 229 { "name": "google.ac", "include_subdomains": true, "pins": "google" }, 230 { "name": "google.ad", "include_subdomains": true, "pins": "google" }, 231 { "name": "google.ae", "include_subdomains": true, "pins": "google" }, 232 { "name": "google.af", "include_subdomains": true, "pins": "google" }, 233 { "name": "google.ag", "include_subdomains": true, "pins": "google" }, 234 { "name": "google.am", "include_subdomains": true, "pins": "google" }, 235 { "name": "google.as", "include_subdomains": true, "pins": "google" }, 236 { "name": "google.at", "include_subdomains": true, "pins": "google" }, 237 { "name": "google.az", "include_subdomains": true, "pins": "google" }, 238 { "name": "google.ba", "include_subdomains": true, "pins": "google" }, 239 { "name": "google.be", "include_subdomains": true, "pins": "google" }, 240 { "name": "google.bf", "include_subdomains": true, "pins": "google" }, 241 { "name": "google.bg", "include_subdomains": true, "pins": "google" }, 242 { "name": "google.bi", "include_subdomains": true, "pins": "google" }, 243 { "name": "google.bj", "include_subdomains": true, "pins": "google" }, 244 { "name": "google.bs", "include_subdomains": true, "pins": "google" }, 245 { "name": "google.by", "include_subdomains": true, "pins": "google" }, 246 { "name": "google.ca", "include_subdomains": true, "pins": "google" }, 247 { "name": "google.cat", "include_subdomains": true, "pins": "google" }, 248 { "name": "google.cc", "include_subdomains": true, "pins": "google" }, 249 { "name": "google.cd", "include_subdomains": true, "pins": "google" }, 250 { "name": "google.cf", "include_subdomains": true, "pins": "google" }, 251 { "name": "google.cg", "include_subdomains": true, "pins": "google" }, 252 { "name": "google.ch", "include_subdomains": true, "pins": "google" }, 253 { "name": "google.ci", "include_subdomains": true, "pins": "google" }, 254 { "name": "google.cl", "include_subdomains": true, "pins": "google" }, 255 { "name": "google.cm", "include_subdomains": true, "pins": "google" }, 256 { "name": "google.cn", "include_subdomains": true, "pins": "google" }, 257 { "name": "google.co.ao", "include_subdomains": true, "pins": "google" }, 258 { "name": "google.co.bw", "include_subdomains": true, "pins": "google" }, 259 { "name": "google.co.ck", "include_subdomains": true, "pins": "google" }, 260 { "name": "google.co.cr", "include_subdomains": true, "pins": "google" }, 261 { "name": "google.co.hu", "include_subdomains": true, "pins": "google" }, 262 { "name": "google.co.id", "include_subdomains": true, "pins": "google" }, 263 { "name": "google.co.il", "include_subdomains": true, "pins": "google" }, 264 { "name": "google.co.im", "include_subdomains": true, "pins": "google" }, 265 { "name": "google.co.in", "include_subdomains": true, "pins": "google" }, 266 { "name": "google.co.je", "include_subdomains": true, "pins": "google" }, 267 { "name": "google.co.jp", "include_subdomains": true, "pins": "google" }, 268 { "name": "google.co.ke", "include_subdomains": true, "pins": "google" }, 269 { "name": "google.co.kr", "include_subdomains": true, "pins": "google" }, 270 { "name": "google.co.ls", "include_subdomains": true, "pins": "google" }, 271 { "name": "google.co.ma", "include_subdomains": true, "pins": "google" }, 272 { "name": "google.co.mz", "include_subdomains": true, "pins": "google" }, 273 { "name": "google.co.nz", "include_subdomains": true, "pins": "google" }, 274 { "name": "google.co.th", "include_subdomains": true, "pins": "google" }, 275 { "name": "google.co.tz", "include_subdomains": true, "pins": "google" }, 276 { "name": "google.co.ug", "include_subdomains": true, "pins": "google" }, 277 { "name": "google.co.uk", "include_subdomains": true, "pins": "google" }, 278 { "name": "google.co.uz", "include_subdomains": true, "pins": "google" }, 279 { "name": "google.co.ve", "include_subdomains": true, "pins": "google" }, 280 { "name": "google.co.vi", "include_subdomains": true, "pins": "google" }, 281 { "name": "google.co.za", "include_subdomains": true, "pins": "google" }, 282 { "name": "google.co.zm", "include_subdomains": true, "pins": "google" }, 283 { "name": "google.co.zw", "include_subdomains": true, "pins": "google" }, 284 { "name": "google.com.af", "include_subdomains": true, "pins": "google" }, 285 { "name": "google.com.ag", "include_subdomains": true, "pins": "google" }, 286 { "name": "google.com.ai", "include_subdomains": true, "pins": "google" }, 287 { "name": "google.com.ar", "include_subdomains": true, "pins": "google" }, 288 { "name": "google.com.au", "include_subdomains": true, "pins": "google" }, 289 { "name": "google.com.bd", "include_subdomains": true, "pins": "google" }, 290 { "name": "google.com.bh", "include_subdomains": true, "pins": "google" }, 291 { "name": "google.com.bn", "include_subdomains": true, "pins": "google" }, 292 { "name": "google.com.bo", "include_subdomains": true, "pins": "google" }, 293 { "name": "google.com.br", "include_subdomains": true, "pins": "google" }, 294 { "name": "google.com.by", "include_subdomains": true, "pins": "google" }, 295 { "name": "google.com.bz", "include_subdomains": true, "pins": "google" }, 296 { "name": "google.com.cn", "include_subdomains": true, "pins": "google" }, 297 { "name": "google.com.co", "include_subdomains": true, "pins": "google" }, 298 { "name": "google.com.cu", "include_subdomains": true, "pins": "google" }, 299 { "name": "google.com.cy", "include_subdomains": true, "pins": "google" }, 300 { "name": "google.com.do", "include_subdomains": true, "pins": "google" }, 301 { "name": "google.com.ec", "include_subdomains": true, "pins": "google" }, 302 { "name": "google.com.eg", "include_subdomains": true, "pins": "google" }, 303 { "name": "google.com.et", "include_subdomains": true, "pins": "google" }, 304 { "name": "google.com.fj", "include_subdomains": true, "pins": "google" }, 305 { "name": "google.com.ge", "include_subdomains": true, "pins": "google" }, 306 { "name": "google.com.gh", "include_subdomains": true, "pins": "google" }, 307 { "name": "google.com.gi", "include_subdomains": true, "pins": "google" }, 308 { "name": "google.com.gr", "include_subdomains": true, "pins": "google" }, 309 { "name": "google.com.gt", "include_subdomains": true, "pins": "google" }, 310 { "name": "google.com.hk", "include_subdomains": true, "pins": "google" }, 311 { "name": "google.com.iq", "include_subdomains": true, "pins": "google" }, 312 { "name": "google.com.jm", "include_subdomains": true, "pins": "google" }, 313 { "name": "google.com.jo", "include_subdomains": true, "pins": "google" }, 314 { "name": "google.com.kh", "include_subdomains": true, "pins": "google" }, 315 { "name": "google.com.kw", "include_subdomains": true, "pins": "google" }, 316 { "name": "google.com.lb", "include_subdomains": true, "pins": "google" }, 317 { "name": "google.com.ly", "include_subdomains": true, "pins": "google" }, 318 { "name": "google.com.mt", "include_subdomains": true, "pins": "google" }, 319 { "name": "google.com.mx", "include_subdomains": true, "pins": "google" }, 320 { "name": "google.com.my", "include_subdomains": true, "pins": "google" }, 321 { "name": "google.com.na", "include_subdomains": true, "pins": "google" }, 322 { "name": "google.com.nf", "include_subdomains": true, "pins": "google" }, 323 { "name": "google.com.ng", "include_subdomains": true, "pins": "google" }, 324 { "name": "google.com.ni", "include_subdomains": true, "pins": "google" }, 325 { "name": "google.com.np", "include_subdomains": true, "pins": "google" }, 326 { "name": "google.com.nr", "include_subdomains": true, "pins": "google" }, 327 { "name": "google.com.om", "include_subdomains": true, "pins": "google" }, 328 { "name": "google.com.pa", "include_subdomains": true, "pins": "google" }, 329 { "name": "google.com.pe", "include_subdomains": true, "pins": "google" }, 330 { "name": "google.com.ph", "include_subdomains": true, "pins": "google" }, 331 { "name": "google.com.pk", "include_subdomains": true, "pins": "google" }, 332 { "name": "google.com.pl", "include_subdomains": true, "pins": "google" }, 333 { "name": "google.com.pr", "include_subdomains": true, "pins": "google" }, 334 { "name": "google.com.py", "include_subdomains": true, "pins": "google" }, 335 { "name": "google.com.qa", "include_subdomains": true, "pins": "google" }, 336 { "name": "google.com.ru", "include_subdomains": true, "pins": "google" }, 337 { "name": "google.com.sa", "include_subdomains": true, "pins": "google" }, 338 { "name": "google.com.sb", "include_subdomains": true, "pins": "google" }, 339 { "name": "google.com.sg", "include_subdomains": true, "pins": "google" }, 340 { "name": "google.com.sl", "include_subdomains": true, "pins": "google" }, 341 { "name": "google.com.sv", "include_subdomains": true, "pins": "google" }, 342 { "name": "google.com.tj", "include_subdomains": true, "pins": "google" }, 343 { "name": "google.com.tn", "include_subdomains": true, "pins": "google" }, 344 { "name": "google.com.tr", "include_subdomains": true, "pins": "google" }, 345 { "name": "google.com.tw", "include_subdomains": true, "pins": "google" }, 346 { "name": "google.com.ua", "include_subdomains": true, "pins": "google" }, 347 { "name": "google.com.uy", "include_subdomains": true, "pins": "google" }, 348 { "name": "google.com.vc", "include_subdomains": true, "pins": "google" }, 349 { "name": "google.com.ve", "include_subdomains": true, "pins": "google" }, 350 { "name": "google.com.vn", "include_subdomains": true, "pins": "google" }, 351 { "name": "google.cv", "include_subdomains": true, "pins": "google" }, 352 { "name": "google.cz", "include_subdomains": true, "pins": "google" }, 353 { "name": "google.de", "include_subdomains": true, "pins": "google" }, 354 { "name": "google.dj", "include_subdomains": true, "pins": "google" }, 355 { "name": "google.dk", "include_subdomains": true, "pins": "google" }, 356 { "name": "google.dm", "include_subdomains": true, "pins": "google" }, 357 { "name": "google.dz", "include_subdomains": true, "pins": "google" }, 358 { "name": "google.ee", "include_subdomains": true, "pins": "google" }, 359 { "name": "google.es", "include_subdomains": true, "pins": "google" }, 360 { "name": "google.fi", "include_subdomains": true, "pins": "google" }, 361 { "name": "google.fm", "include_subdomains": true, "pins": "google" }, 362 { "name": "google.fr", "include_subdomains": true, "pins": "google" }, 363 { "name": "google.ga", "include_subdomains": true, "pins": "google" }, 364 { "name": "google.ge", "include_subdomains": true, "pins": "google" }, 365 { "name": "google.gg", "include_subdomains": true, "pins": "google" }, 366 { "name": "google.gl", "include_subdomains": true, "pins": "google" }, 367 { "name": "google.gm", "include_subdomains": true, "pins": "google" }, 368 { "name": "google.gp", "include_subdomains": true, "pins": "google" }, 369 { "name": "google.gr", "include_subdomains": true, "pins": "google" }, 370 { "name": "google.gy", "include_subdomains": true, "pins": "google" }, 371 { "name": "google.hk", "include_subdomains": true, "pins": "google" }, 372 { "name": "google.hn", "include_subdomains": true, "pins": "google" }, 373 { "name": "google.hr", "include_subdomains": true, "pins": "google" }, 374 { "name": "google.ht", "include_subdomains": true, "pins": "google" }, 375 { "name": "google.hu", "include_subdomains": true, "pins": "google" }, 376 { "name": "google.ie", "include_subdomains": true, "pins": "google" }, 377 { "name": "google.im", "include_subdomains": true, "pins": "google" }, 378 { "name": "google.info", "include_subdomains": true, "pins": "google" }, 379 { "name": "google.iq", "include_subdomains": true, "pins": "google" }, 380 { "name": "google.is", "include_subdomains": true, "pins": "google" }, 381 { "name": "google.it", "include_subdomains": true, "pins": "google" }, 382 { "name": "google.it.ao", "include_subdomains": true, "pins": "google" }, 383 { "name": "google.je", "include_subdomains": true, "pins": "google" }, 384 { "name": "google.jo", "include_subdomains": true, "pins": "google" }, 385 { "name": "google.jobs", "include_subdomains": true, "pins": "google" }, 386 { "name": "google.jp", "include_subdomains": true, "pins": "google" }, 387 { "name": "google.kg", "include_subdomains": true, "pins": "google" }, 388 { "name": "google.ki", "include_subdomains": true, "pins": "google" }, 389 { "name": "google.kz", "include_subdomains": true, "pins": "google" }, 390 { "name": "google.la", "include_subdomains": true, "pins": "google" }, 391 { "name": "google.li", "include_subdomains": true, "pins": "google" }, 392 { "name": "google.lk", "include_subdomains": true, "pins": "google" }, 393 { "name": "google.lt", "include_subdomains": true, "pins": "google" }, 394 { "name": "google.lu", "include_subdomains": true, "pins": "google" }, 395 { "name": "google.lv", "include_subdomains": true, "pins": "google" }, 396 { "name": "google.md", "include_subdomains": true, "pins": "google" }, 397 { "name": "google.me", "include_subdomains": true, "pins": "google" }, 398 { "name": "google.mg", "include_subdomains": true, "pins": "google" }, 399 { "name": "google.mk", "include_subdomains": true, "pins": "google" }, 400 { "name": "google.ml", "include_subdomains": true, "pins": "google" }, 401 { "name": "google.mn", "include_subdomains": true, "pins": "google" }, 402 { "name": "google.ms", "include_subdomains": true, "pins": "google" }, 403 { "name": "google.mu", "include_subdomains": true, "pins": "google" }, 404 { "name": "google.mv", "include_subdomains": true, "pins": "google" }, 405 { "name": "google.mw", "include_subdomains": true, "pins": "google" }, 406 { "name": "google.ne", "include_subdomains": true, "pins": "google" }, 407 { "name": "google.ne.jp", "include_subdomains": true, "pins": "google" }, 408 { "name": "google.net", "include_subdomains": true, "pins": "google" }, 409 { "name": "google.nl", "include_subdomains": true, "pins": "google" }, 410 { "name": "google.no", "include_subdomains": true, "pins": "google" }, 411 { "name": "google.nr", "include_subdomains": true, "pins": "google" }, 412 { "name": "google.nu", "include_subdomains": true, "pins": "google" }, 413 { "name": "google.off.ai", "include_subdomains": true, "pins": "google" }, 414 { "name": "google.pk", "include_subdomains": true, "pins": "google" }, 415 { "name": "google.pl", "include_subdomains": true, "pins": "google" }, 416 { "name": "google.pn", "include_subdomains": true, "pins": "google" }, 417 { "name": "google.ps", "include_subdomains": true, "pins": "google" }, 418 { "name": "google.pt", "include_subdomains": true, "pins": "google" }, 419 { "name": "google.ro", "include_subdomains": true, "pins": "google" }, 420 { "name": "google.rs", "include_subdomains": true, "pins": "google" }, 421 { "name": "google.ru", "include_subdomains": true, "pins": "google" }, 422 { "name": "google.rw", "include_subdomains": true, "pins": "google" }, 423 { "name": "google.sc", "include_subdomains": true, "pins": "google" }, 424 { "name": "google.se", "include_subdomains": true, "pins": "google" }, 425 { "name": "google.sh", "include_subdomains": true, "pins": "google" }, 426 { "name": "google.si", "include_subdomains": true, "pins": "google" }, 427 { "name": "google.sk", "include_subdomains": true, "pins": "google" }, 428 { "name": "google.sm", "include_subdomains": true, "pins": "google" }, 429 { "name": "google.sn", "include_subdomains": true, "pins": "google" }, 430 { "name": "google.so", "include_subdomains": true, "pins": "google" }, 431 { "name": "google.st", "include_subdomains": true, "pins": "google" }, 432 { "name": "google.td", "include_subdomains": true, "pins": "google" }, 433 { "name": "google.tg", "include_subdomains": true, "pins": "google" }, 434 { "name": "google.tk", "include_subdomains": true, "pins": "google" }, 435 { "name": "google.tl", "include_subdomains": true, "pins": "google" }, 436 { "name": "google.tm", "include_subdomains": true, "pins": "google" }, 437 { "name": "google.tn", "include_subdomains": true, "pins": "google" }, 438 { "name": "google.to", "include_subdomains": true, "pins": "google" }, 439 { "name": "google.tp", "include_subdomains": true, "pins": "google" }, 440 { "name": "google.tt", "include_subdomains": true, "pins": "google" }, 441 { "name": "google.us", "include_subdomains": true, "pins": "google" }, 442 { "name": "google.uz", "include_subdomains": true, "pins": "google" }, 443 { "name": "google.vg", "include_subdomains": true, "pins": "google" }, 444 { "name": "google.vu", "include_subdomains": true, "pins": "google" }, 445 { "name": "google.ws", "include_subdomains": true, "pins": "google" }, 446 // Exclude the learn.doubleclick.net subdomain because it uses a different 447 // CA. 448 { "name": "learn.doubleclick.net", "include_subdomains": true }, 449 450 // Force HTTPS for sites that have requested it. 451 { "name": "www.paypal.com", "mode": "force-https" }, 452 { "name": "paypal.com", "mode": "force-https" }, 453 { "name": "www.elanex.biz", "mode": "force-https" }, 454 { "name": "jottit.com", "include_subdomains": true, "mode": "force-https" }, 455 { "name": "sunshinepress.org", "include_subdomains": true, "mode": "force-https" }, 456 { "name": "www.noisebridge.net", "mode": "force-https" }, 457 { "name": "neg9.org", "mode": "force-https" }, 458 { "name": "riseup.net", "include_subdomains": true, "mode": "force-https" }, 459 { "name": "factor.cc", "mode": "force-https" }, 460 { "name": "members.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 461 { "name": "support.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 462 { "name": "id.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 463 { "name": "lists.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 464 { "name": "webmail.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 465 { "name": "roundcube.mayfirst.org", "include_subdomains": true, "mode": "force-https" }, 466 { "name": "aladdinschools.appspot.com", "mode": "force-https" }, 467 { "name": "ottospora.nl", "include_subdomains": true, "mode": "force-https" }, 468 { "name": "www.paycheckrecords.com", "mode": "force-https" }, 469 { "name": "lastpass.com", "mode": "force-https" }, 470 { "name": "www.lastpass.com", "mode": "force-https" }, 471 { "name": "keyerror.com", "include_subdomains": true, "mode": "force-https" }, 472 { "name": "entropia.de", "mode": "force-https" }, 473 { "name": "www.entropia.de", "mode": "force-https" }, 474 { "name": "romab.com", "include_subdomains": true, "mode": "force-https" }, 475 { "name": "logentries.com", "mode": "force-https" }, 476 { "name": "www.logentries.com", "mode": "force-https" }, 477 { "name": "stripe.com", "include_subdomains": true, "mode": "force-https" }, 478 { "name": "cloudsecurityalliance.org", "include_subdomains": true, "mode": "force-https" }, 479 { "name": "login.sapo.pt", "include_subdomains": true, "mode": "force-https" }, 480 { "name": "mattmccutchen.net", "include_subdomains": true, "mode": "force-https" }, 481 { "name": "betnet.fr", "include_subdomains": true, "mode": "force-https" }, 482 { "name": "uprotect.it", "include_subdomains": true, "mode": "force-https" }, 483 { "name": "squareup.com", "mode": "force-https" }, 484 { "name": "square.com", "include_subdomains": true, "mode": "force-https" }, 485 { "name": "cert.se", "include_subdomains": true, "mode": "force-https" }, 486 { "name": "crypto.is", "include_subdomains": true, "mode": "force-https" }, 487 { "name": "simon.butcher.name", "include_subdomains": true, "mode": "force-https" }, 488 { "name": "linx.net", "include_subdomains": true, "mode": "force-https" }, 489 { "name": "dropcam.com", "mode": "force-https" }, 490 { "name": "www.dropcam.com", "mode": "force-https" }, 491 { "name": "ebanking.indovinabank.com.vn", "include_subdomains": true, "mode": "force-https" }, 492 { "name": "epoxate.com", "mode": "force-https" }, 493 { "name": "torproject.org", "mode": "force-https", "pins": "tor" }, 494 { "name": "blog.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 495 { "name": "check.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 496 { "name": "www.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 497 { "name": "dist.torproject.org", "include_subdomains": true, "mode": "force-https", "pins": "tor" }, 498 { "name": "www.moneybookers.com", "include_subdomains": true, "mode": "force-https" }, 499 { "name": "ledgerscope.net", "mode": "force-https" }, 500 { "name": "www.ledgerscope.net", "mode": "force-https" }, 501 { "name": "app.recurly.com", "include_subdomains": true, "mode": "force-https" }, 502 { "name": "api.recurly.com", "include_subdomains": true, "mode": "force-https" }, 503 { "name": "greplin.com", "mode": "force-https" }, 504 { "name": "www.greplin.com", "mode": "force-https" }, 505 { "name": "luneta.nearbuysystems.com", "include_subdomains": true, "mode": "force-https" }, 506 { "name": "ubertt.org", "include_subdomains": true, "mode": "force-https" }, 507 { "name": "pixi.me", "include_subdomains": true, "mode": "force-https" }, 508 { "name": "grepular.com", "include_subdomains": true, "mode": "force-https" }, 509 { "name": "mydigipass.com", "mode": "force-https" }, 510 { "name": "www.mydigipass.com", "mode": "force-https" }, 511 { "name": "developer.mydigipass.com", "mode": "force-https" }, 512 { "name": "www.developer.mydigipass.com", "mode": "force-https" }, 513 { "name": "sandbox.mydigipass.com", "mode": "force-https" }, 514 { "name": "www.sandbox.mydigipass.com", "mode": "force-https" }, 515 { "name": "crypto.cat", "mode": "force-https", "pins": "cryptoCat" }, 516 { "name": "bigshinylock.minazo.net", "include_subdomains": true, "mode": "force-https" }, 517 { "name": "crate.io", "include_subdomains": true, "mode": "force-https" }, 518 { "name": "twitter.com", "mode": "force-https", "pins": "twitterCom" }, 519 { "name": "www.twitter.com", "include_subdomains": true, "mode": "force-https", "pins": "twitterCom" }, 520 { "name": "api.twitter.com", "include_subdomains": true, "pins": "twitterCDN" }, 521 { "name": "oauth.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 522 { "name": "mobile.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 523 { "name": "dev.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 524 { "name": "business.twitter.com", "include_subdomains": true, "pins": "twitterCom" }, 525 { "name": "platform.twitter.com", "include_subdomains": true, "pins": "twitterCDN" }, 526 { "name": "twimg.com", "include_subdomains": true, "pins": "twitterCDN" }, 527 { "name": "braintreegateway.com", "include_subdomains": true, "mode": "force-https" }, 528 { "name": "braintreepayments.com", "mode": "force-https" }, 529 { "name": "www.braintreepayments.com", "mode": "force-https" }, 530 { "name": "emailprivacytester.com", "mode": "force-https" }, 531 { "name": "tor2web.org", "include_subdomains": true, "pins": "tor2web" }, 532 { "name": "business.medbank.com.mt", "include_subdomains": true, "mode": "force-https" }, 533 { "name": "arivo.com.br", "include_subdomains": true, "mode": "force-https" }, 534 { "name": "www.apollo-auto.com", "include_subdomains": true, "mode": "force-https" }, 535 { "name": "www.cueup.com", "include_subdomains": true, "mode": "force-https" }, 536 { "name": "jitsi.org", "mode": "force-https" }, 537 { "name": "www.jitsi.org", "mode": "force-https" }, 538 { "name": "download.jitsi.org", "mode": "force-https" }, 539 { "name": "sol.io", "include_subdomains": true, "mode": "force-https" }, 540 { "name": "irccloud.com", "mode": "force-https" }, 541 { "name": "www.irccloud.com", "mode": "force-https" }, 542 { "name": "alpha.irccloud.com", "mode": "force-https" }, 543 { "name": "passwd.io", "include_subdomains": true, "mode": "force-https" }, 544 { "name": "browserid.org", "include_subdomains": true, "mode": "force-https" }, 545 { "name": "login.persona.org", "include_subdomains": true, "mode": "force-https" }, 546 { "name": "neonisi.com", "mode": "force-https" }, 547 { "name": "www.neonisi.com", "include_subdomains": true, "mode": "force-https" }, 548 { "name": "shops.neonisi.com", "include_subdomains": true, "mode": "force-https" }, 549 { "name": "piratenlogin.de", "include_subdomains": true, "mode": "force-https" }, 550 { "name": "howrandom.org", "include_subdomains": true, "mode": "force-https" }, 551 { "name": "intercom.io", "mode": "force-https" }, 552 { "name": "api.intercom.io", "mode": "force-https" }, 553 { "name": "www.intercom.io", "mode": "force-https" }, 554 { "name": "fatzebra.com.au", "include_subdomains": true, "mode": "force-https" }, 555 { "name": "csawctf.poly.edu", "include_subdomains": true, "mode": "force-https" }, 556 { "name": "makeyourlaws.org", "mode": "force-https" }, 557 { "name": "www.makeyourlaws.org", "mode": "force-https" }, 558 { "name": "iop.intuit.com", "include_subdomains": true, "mode": "force-https" }, 559 { "name": "surfeasy.com", "mode": "force-https" }, 560 { "name": "www.surfeasy.com", "mode": "force-https" }, 561 { "name": "packagist.org", "mode": "force-https" }, 562 { "name": "lookout.com", "mode": "force-https" }, 563 { "name": "www.lookout.com", "mode": "force-https" }, 564 { "name": "mylookout.com", "mode": "force-https" }, 565 { "name": "www.mylookout.com", "mode": "force-https" }, 566 { "name": "dm.lookout.com", "include_subdomains": true, "mode": "force-https" }, 567 { "name": "business.lookout.com", "include_subdomains": true, "mode": "force-https" }, 568 { "name": "blog.lookout.com", "include_subdomains": true, "mode": "force-https" }, 569 { "name": "faq.lookout.com", "include_subdomains": true, "mode": "force-https" }, 570 { "name": "platform.lookout.com", "include_subdomains": true, "mode": "force-https" }, 571 { "name": "email.lookout.com", "include_subdomains": true, "mode": "force-https" }, 572 { "name": "itriskltd.com", "include_subdomains": true, "mode": "force-https" }, 573 { "name": "stocktrade.de", "include_subdomains": true, "mode": "force-https" }, 574 { "name": "openshift.redhat.com", "include_subdomains": true, "mode": "force-https" }, 575 { "name": "therapynotes.com", "mode": "force-https" }, 576 { "name": "www.therapynotes.com", "mode": "force-https" }, 577 { "name": "wiz.biz", "include_subdomains": true, "mode": "force-https" }, 578 { "name": "my.onlime.ch", "include_subdomains": true, "mode": "force-https" }, 579 { "name": "webmail.onlime.ch", "include_subdomains": true, "mode": "force-https" }, 580 { "name": "crm.onlime.ch", "include_subdomains": true, "mode": "force-https" }, 581 { "name": "www.gov.uk", "include_subdomains": true, "mode": "force-https" }, 582 { "name": "silentcircle.com", "include_subdomains": true, "mode": "force-https" }, 583 { "name": "silentcircle.org", "include_subdomains": true, "mode": "force-https" }, 584 { "name": "serverdensity.io", "include_subdomains": true, "mode": "force-https" }, 585 { "name": "my.alfresco.com", "include_subdomains": true, "mode": "force-https" }, 586 { "name": "webmail.gigahost.dk", "include_subdomains": true, "mode": "force-https" }, 587 { "name": "paymill.com", "include_subdomains": true, "mode": "force-https" }, 588 { "name": "paymill.de", "include_subdomains": true, "mode": "force-https" }, 589 { "name": "gocardless.com", "include_subdomains": true, "mode": "force-https" }, 590 { "name": "espra.com", "include_subdomains": true, "mode": "force-https" }, 591 { "name": "zoo24.de", "include_subdomains": true, "mode": "force-https" }, 592 { "name": "mega.co.nz", "mode": "force-https" }, 593 { "name": "api.mega.co.nz", "include_subdomains": true, "mode": "force-https" }, 594 { "name": "lockify.com", "include_subdomains": true, "mode": "force-https" }, 595 { "name": "writeapp.me", "mode": "force-https" }, 596 { "name": "bugzilla.mozilla.org", "include_subdomains": true, "mode": "force-https" }, 597 { "name": "members.nearlyfreespeech.net", "include_subdomains": true, "mode": "force-https" }, 598 { "name": "ssl.panoramio.com", "mode": "force-https" }, 599 { "name": "kiwiirc.com", "mode": "force-https" }, 600 { "name": "pay.gigahost.dk", "include_subdomains": true, "mode": "force-https" }, 601 { "name": "controlcenter.gigahost.dk", "include_subdomains": true, "mode": "force-https" }, 602 { "name": "simple.com", "mode": "force-https" }, 603 { "name": "www.simple.com", "mode": "force-https" }, 604 { "name": "fj.simple.com", "mode": "force-https" }, 605 { "name": "api.simple.com", "mode": "force-https" }, 606 { "name": "bank.simple.com", "include_subdomains": true, "mode": "force-https" }, 607 { "name": "bassh.net", "include_subdomains": true, "mode": "force-https" }, 608 { "name": "sah3.net", "include_subdomains": true, "mode": "force-https" }, 609 { "name": "grc.com", "mode": "force-https" }, 610 { "name": "www.grc.com", "mode": "force-https" }, 611 { "name": "linode.com", "mode": "force-https" }, 612 { "name": "www.linode.com", "mode": "force-https" }, 613 { "name": "manager.linode.com", "mode": "force-https" }, 614 { "name": "blog.linode.com", "mode": "force-https" }, 615 { "name": "library.linode.com", "mode": "force-https" }, 616 { "name": "forum.linode.com", "mode": "force-https" }, 617 { "name": "p.linode.com", "mode": "force-https" }, 618 { "name": "paste.linode.com", "mode": "force-https" }, 619 { "name": "pastebin.linode.com", "mode": "force-https" }, 620 { "name": "inertianetworks.com", "include_subdomains": true, "mode": "force-https" }, 621 { "name": "carezone.com", "mode": "force-https" }, 622 { "name": "conformal.com", "include_subdomains": true, "mode": "force-https" }, 623 { "name": "cyphertite.com", "include_subdomains": true, "mode": "force-https" }, 624 { "name": "logotype.se", "include_subdomains": true, "mode": "force-https" }, 625 { "name": "bccx.com", "include_subdomains": true, "mode": "force-https" }, 626 { "name": "launchkey.com", "include_subdomains": true, "mode": "force-https" }, 627 { "name": "carlolly.co.uk", "include_subdomains": true, "mode": "force-https" }, 628 { "name": "www.cyveillance.com", "include_subdomains": true, "mode": "force-https" }, 629 { "name": "blog.cyveillance.com", "include_subdomains": true, "mode": "force-https" }, 630 { "name": "whonix.org", "include_subdomains": true, "mode": "force-https" }, 631 { "name": "shodan.io", "include_subdomains": true, "mode": "force-https" }, 632 { "name": "rapidresearch.me", "include_subdomains": true, "mode": "force-https" }, 633 { "name": "surkatty.org", "include_subdomains": true, "mode": "force-https" }, 634 { "name": "securityheaders.com", "include_subdomains": true, "mode": "force-https" }, 635 { "name": "haste.ch", "include_subdomains": true, "mode": "force-https" }, 636 { "name": "mudcrab.us", "include_subdomains": true, "mode": "force-https" }, 637 { "name": "mediacru.sh", "include_subdomains": true, "mode": "force-https" }, 638 { "name": "lolicore.ch", "include_subdomains": true, "mode": "force-https" }, 639 { "name": "cloudns.com.au", "include_subdomains": true, "mode": "force-https" }, 640 { "name": "oplop.appspot.com", "include_subdomains": true, "mode": "force-https" }, 641 { "name": "bcrook.com", "mode": "force-https" }, 642 { "name": "wiki.python.org", "include_subdomains": true, "mode": "force-https" }, 643 { "name": "lumi.do", "mode": "force-https" }, 644 { "name": "appseccalifornia.org", "include_subdomains": true, "mode": "force-https" }, 645 { "name": "crowdcurity.com", "include_subdomains": true, "mode": "force-https" }, 646 { "name": "saturngames.co.uk", "include_subdomains": true, "mode": "force-https" }, 647 { "name": "strongest-privacy.com", "include_subdomains": true, "mode": "force-https" }, 648 { "name": "ecosystem.atlassian.net", "include_subdomains": true, "mode": "force-https" }, 649 { "name": "id.atlassian.com", "include_subdomains": true, "mode": "force-https" }, 650 { "name": "bitbucket.org", "mode": "force-https" }, 651 { "name": "cupcake.io", "include_subdomains": true, "mode": "force-https" }, 652 { "name": "cupcake.is", "include_subdomains": true, "mode": "force-https" }, 653 { "name": "tent.io", "include_subdomains": true, "mode": "force-https" }, 654 { "name": "cybozu.com", "include_subdomains": true, "mode": "force-https" }, 655 { "name": "davidlyness.com", "include_subdomains": true, "mode": "force-https" }, 656 { "name": "medium.com", "include_subdomains": true, "mode": "force-https" }, 657 { "name": "liberty.lavabit.com", "include_subdomains": true, "mode": "force-https", "pins": "lavabit" }, 658 { "name": "getlantern.org", "include_subdomains": true, "mode": "force-https" }, 659 { "name": "kinsights.com", "mode": "force-https" }, 660 { "name": "simbolo.co.uk", "mode": "force-https" }, 661 { "name": "www.simbolo.co.uk", "mode": "force-https" }, 662 { "name": "zenpayroll.com", "mode": "force-https" }, 663 { "name": "www.zenpayroll.com", "mode": "force-https" }, 664 { "name": "get.zenpayroll.com", "mode": "force-https" }, 665 { "name": "errors.zenpayroll.com", "mode": "force-https" }, 666 { "name": "manage.zenpayroll.com", "mode": "force-https" }, 667 { "name": "gernert-server.de", "include_subdomains": true, "mode": "force-https" }, 668 { "name": "skydrive.live.com", "include_subdomains": true, "mode": "force-https" }, 669 { "name": "lifeguard.aecom.com", "include_subdomains": true, "mode": "force-https" }, 670 { "name": "data.qld.gov.au", "mode": "force-https" }, 671 { "name": "publications.qld.gov.au", "mode": "force-https" }, 672 { "name": "go.xero.com", "include_subdomains": true, "mode": "force-https" }, 673 { "name": "login.xero.com", "include_subdomains": true, "mode": "force-https" }, 674 { "name": "my.xero.com", "include_subdomains": true, "mode": "force-https" }, 675 { "name": "payroll.xero.com", "include_subdomains": true, "mode": "force-https" }, 676 { "name": "in.xero.com", "include_subdomains": true, "mode": "force-https" }, 677 { "name": "api.xero.com", "include_subdomains": true, "mode": "force-https" }, 678 { "name": "eff.org", "include_subdomains": true, "mode": "force-https" }, 679 { "name": "mail.de", "include_subdomains": true, "mode": "force-https" }, 680 681 // Entries that are only valid if the client supports SNI. 682 { "name": "gmail.com", "mode": "force-https", "pins": "google", "snionly": true }, 683 { "name": "googlemail.com", "mode": "force-https", "pins": "google", "snionly": true }, 684 { "name": "www.gmail.com", "mode": "force-https", "pins": "google", "snionly": true }, 685 { "name": "www.googlemail.com", "mode": "force-https", "pins": "google", "snionly": true }, 686 { "name": "google-analytics.com", "include_subdomains": true, "pins": "google", "snionly": true }, 687 { "name": "googlegroups.com", "include_subdomains": true, "pins": "google", "snionly": true } 688 ] 689 } 690
