HSTS/PKP

HSTS is HTTP Strict Transport Security: a way for sites to elect to always use HTTPS. See https://www.chromium.org/hsts. PKP is Public Key Pinning: Chrome "pins" certain public keys for certain sites in official builds.

Add HSTS domain

Input a domain name to add it to the HSTS set:

Domain:

Query HSTS/PKP domain

Input a domain name to query the current HSTS/PKP set:

Domain:

Expect-CT

Expect-CT allows sites to elect to always require valid Certificate Transparency information. See https://tools.ietf.org/html/draft-ietf-httpbis-expect-ct.

To protect against cross-site tracking, Expect-CT data will soon be keyed on the site of the main frame and innermost frame when an Expect-CT header is encountered. When that behavior is enabled, both adding and querying an Expect-CT domain use the eTLD+1 of the provided domain as the site for both frames. Deleting policies affects information stored for that domain in the context of all sites, however.

Add Expect-CT domain

Input a domain name to add it to the Expect-CT set. Leave Enforce unchecked to configure Expect-CT in report-only mode.

Query Expect-CT domain

Input a domain name to query the current Expect-CT set:

Send test Expect-CT report

Trigger a test report to the given report URI. The report will contain a hostname of "expect-ct-report.test" and dummy data in other fields.

Delete domain security policies

Input a domain name to delete its dynamic domain security policies (HSTS and Expect-CT). (You cannot delete preloaded entries.):