Update from chromium https://crrev.com/301725/

net/http/transport_security_state_static.json

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // This file contains the HSTS preloaded list in a machine readable format.
 
 // The top-level element is a dictionary with two keys: "pinsets" maps details
 // of certificate pinning to a name and "entries" contains the HSTS details for
 // each host.
 //
@@ skipping 159 matching lines @@
         "GeoTrustPrimary_G3",
         "GeoTrustPrimary",
         "TheGoDaddyGroupClass2",
         "GoDaddyRoot_G2",
         "GoDaddySecure",
         "ThawtePremiumServer",
         "ThawtePrimaryRootCA_G2",
         "ThawtePrimaryRootCA_G3",
         "ThawtePrimaryRootCA"
       ]
+    },
+    {
+      "name": "facebook",
+      "static_spki_hashes": [
+        "SymantecClass3EVG3",
+        "DigiCertECCSecureServerCA",
+        "DigiCertEVRoot",
+        "FacebookBackup"
+      ]
     }
   ],
 
   "entries": [
     // Dummy entry to test certificate pinning.
     { "name": "pinningtest.appspot.com", "include_subdomains": true, "pins": "test" },
 
     // (*.)google.com, iff using SSL, must use an acceptable certificate.
     { "name": "google.com", "include_subdomains": true, "pins": "google" },
 
@@ skipping 1185 matching lines @@
     { "name": "onedot.nl", "include_subdomains": true, "mode": "force-https" },
     { "name": "powerplannerapp.com", "include_subdomains": true, "mode": "force-https" },
     { "name": "ru-sprachstudio.ch", "include_subdomains": true, "mode": "force-https" },
     { "name": "segu-info.com.ar", "include_subdomains": true, "mode": "force-https" },
     { "name": "slattery.co", "include_subdomains": true, "mode": "force-https" },
     { "name": "slidebatch.com", "include_subdomains": true, "mode": "force-https" },
     { "name": "smartship.co.jp", "include_subdomains": true, "mode": "force-https" },
     { "name": "southside-crew.com", "include_subdomains": true, "mode": "force-https" },
     { "name": "tickopa.co.uk", "include_subdomains": true, "mode": "force-https" },
     { "name": "wieninternational.at", "include_subdomains": true, "mode": "force-https" },
-    { "name": "fleximus.org", "include_subdomains": true, "mode": "force-https" }
+    { "name": "fleximus.org", "include_subdomains": true, "mode": "force-https" },
+
+    // Facebook would like to have pinning enforced on (*.)facebook.com and
+    // HSTS enforced on specific names. We can't (yet) represent that in JSON
+    // So we're currently only applying pinning on the specific names.
+    { "name": "facebook.com", "mode": "force-https", "pins": "facebook" },
+    { "name": "www.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "m.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "tablet.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "secure.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "pixel.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "apps.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "upload.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "developers.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "touch.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "mbasic.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "code.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "t.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "mtouch.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "business.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+    { "name": "research.facebook.com", "include_subdomains": true, "mode": "force-https", "pins": "facebook" },
+
+    { "name": "0x0a.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "animurecs.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "arendburgers.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "big-andy.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "bitgo.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "buttercoin.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "chainmonitor.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "coinapult.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "comssa.org.au", "include_subdomains": true, "mode": "force-https" },
+    { "name": "coursella.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "crowdjuris.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "curlybracket.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "cyanogenmod.xxx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "czbix.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dealcruiser.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "derevtsov.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "dzlibs.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "easysimplecrm.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "fralef.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "glossopnorthendafc.co.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "gtraxapp.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "hansvaneijsden.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "horseboners.xxx", "include_subdomains": true, "mode": "force-https" },
+    { "name": "horza.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "iamcarrico.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kartonmodellbau.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "keycdn.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "komandakovalchuk.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "kryptera.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "lukonet.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "meetfinch.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "megaxchange.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "moriz.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "myplaceonline.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nectarleaf.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "nos-oignons.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "phoenixlogan.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "redteam-pentesting.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "roland.io", "include_subdomains": true, "mode": "force-https" },
+    { "name": "servergno.me", "include_subdomains": true, "mode": "force-https" },
+    { "name": "siriad.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "smartcoin.com.br", "include_subdomains": true, "mode": "force-https" },
+    { "name": "spartantheatre.org", "include_subdomains": true, "mode": "force-https" },
+    { "name": "spencerbaer.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "stretchmyan.us", "include_subdomains": true, "mode": "force-https" },
+    { "name": "taxsquirrel.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "techhipster.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "timtaubert.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "tribut.de", "include_subdomains": true, "mode": "force-https" },
+    { "name": "triop.se", "include_subdomains": true, "mode": "force-https" },
+    { "name": "twentymilliseconds.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ukdefencejournal.org.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ukhas.net", "include_subdomains": true, "mode": "force-https" },
+    { "name": "vpnzoom.com", "include_subdomains": true, "mode": "force-https" },
+    { "name": "watsonhall.uk", "include_subdomains": true, "mode": "force-https" },
+    { "name": "weblogzwolle.nl", "include_subdomains": true, "mode": "force-https" },
+    { "name": "ypart.eu", "include_subdomains": true, "mode": "force-https" }
   ],
 
   // |ReportUMAOnPinFailure| uses these to report which domain was associated
   // with the public key pinning failure.
   //
   // DO NOT CHANGE THE ORDERING OF THESE NAMES OR REMOVE ANY OF THEM. Add new
   // domains at the END of the array.
   "domain_ids": [
     "NOT_PINNED",
     "GOOGLE_COM",
@@ skipping 240 matching lines @@
     "GOOGLE_VG",
     "GOOGLE_VU",
     "GOOGLE_WS",
     "CHROMIUM_ORG",
     "CRYPTO_CAT",
     "LAVABIT_COM",
     "GOOGLETAGMANAGER_COM",
     "GOOGLETAGSERVICES_COM",
     "DROPBOX_COM",
     "YOUTUBE_NOCOOKIE_COM",
-    "2MDN_NET"
+    "2MDN_NET",
+    "FACEBOOK_COM"
   ]
 }