Hello Martin, For our upcoming NDSS paper ( http://www.jbonneau.com/doc/KB15-NDSS-hsts_pinning_survey.pdf), we did a crawl of the top 1M Alexa Domains plus every domain in Chrome's preloaded list, we observed attempts to set PKP headers at the domains listed below. Note some of these are set incorrectly (see Section IV-F of the paper). Best of luck with your research.
Joe amateurdumper.com amigogeek.net detectify.com forumdenge.com frederik-braun.com freenetproject.org freitag.de homemakinghacks.com kitapyurdu.eu segu-info.com.ar skysportsng.com steventress.com timtaubert.de tone-and-tighten.com webstars2k.com www.deagostini.jp www.ilireg.ir www.metrotimes.com www.mnot.net www.munsterrugby.ie www.pennydellpuzzles.com www.userstyles.org On Jan 8, 2015 11:22 AM, Martin J. Dürst <[email protected]> wrote: > Hello Chris, Chris, Ryan, and everybody, > > A student of mine is working on a small client-side implementation of key > pinning. For testing, we would like to know sites that already send the > respective headers (Public-Key-Pins and/or Public-Key-Pins-Report-Only). > Any replies on the list or in private appreciated. > > Regards, Martin. > > _______________________________________________ > websec mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/websec >
_______________________________________________ websec mailing list [email protected] https://www.ietf.org/mailman/listinfo/websec
