Closed alexhaydock closed 5 years ago
Oh and there's an API at https://hstspreload.com/ that can be queried if that makes sense but it looks like one guy's small project.
chrome_firefox_tor_hsts.csv.zip
68,338 unique urls from Chrome, Firefox's and Tor's HSTS lists as of a couple of days ago.
Imported and testing now.
https://chromium.googlesource.com/chromium/src/net/+/master/http/transport_security_state_static.json
Low priority, but there are two things we could do with this I suppose:
1) It's 60,000+ domains to check for blocks against. 2) In the other direction, we can check blocks against this list. Any site which is blocked and also appears on this list will never succeed in loading an HTTP block page as browsers will refuse to connect to these domains without valid HTTPS.
That second point might be useful when presenting our research findings as we can at least quantify a subset of sites which we can say for certain will never show block pages properly.