bugzilla.mozilla.org will be intermittently unavailable on Saturday, March 24th, from 16:00 until 20:00 UTC.

Create production test entries for dynamic STS and PKP preloads

Assigned to



11 months ago
11 months ago


(Reporter: mgoodwin, Assigned: mgoodwin)


Firefox Tracking Flags

(Not tracked)




11 months ago
It would be useful to have something akin to pinning-test.badssl.com or the old pinningtest.appspot.com that allows us to test production data relating to the dynamic preload mechanisms for STS and PKP.

For each of these, we'd need a real (mozilla) FQDN pointing to an actual host. In the STS case, this should have some configuration disallowed by HSTS (e.g. no TLS or a bad certificate). In the PKP case, there should be a good certificate chain.

The STS preload entry should just enable STS for the STS host (including sub-domains is not necessary).

The PKP preload entry should have an incorrect pinset for the chain served by the PKP test host.
You need to log in before you can comment on or make changes to this bug.