diff --git a/security/manager/boot/src/StaticHPKPins.h b/security/manager/boot/src/StaticHPKPins.h
index 5d867e0d2eac..d7354d3218a9 100644
--- a/security/manager/boot/src/StaticHPKPins.h
+++ b/security/manager/boot/src/StaticHPKPins.h
@@ -1004,7 +1004,7 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
   { "torproject.org", false, true, false, -1, &kPinset_tor },
   { "translate.googleapis.com", true, false, false, -1, &kPinset_google_root_pems },
   { "twimg.com", true, false, false, -1, &kPinset_twitterCDN },
-  { "twitter.com", true, true, false, -1, &kPinset_twitterCDN },
+  { "twitter.com", true, false, false, -1, &kPinset_twitterCDN },
   { "urchin.com", true, false, false, -1, &kPinset_google_root_pems },
   { "w-spotlight.appspot.com", true, false, false, -1, &kPinset_google_root_pems },
   { "wallet.google.com", true, false, false, -1, &kPinset_google_root_pems },
diff --git a/security/manager/tools/PreloadedHPKPins.json b/security/manager/tools/PreloadedHPKPins.json
index c1a8062ea7fd..f3d1372fa902 100644
--- a/security/manager/tools/PreloadedHPKPins.json
+++ b/security/manager/tools/PreloadedHPKPins.json
@@ -211,6 +211,6 @@
     // twitterCDN. More specific rules take precedence because we search for
     // exact domain name first.
     { "name": "twitter.com", "include_subdomains": true,
-      "pins": "twitterCDN", "test_mode": true }
+      "pins": "twitterCDN", "test_mode": false }
   ]
 }