diff --git a/toolkit/components/reputationservice/ApplicationReputation.cpp b/toolkit/components/reputationservice/ApplicationReputation.cpp
index cf21db215eb3..00148ef82683 100644
--- a/toolkit/components/reputationservice/ApplicationReputation.cpp
+++ b/toolkit/components/reputationservice/ApplicationReputation.cpp
@@ -1466,6 +1466,24 @@ PendingLookup::SendRemoteQueryInternal()
 "[this = %p]", this));
 }
 
+ // Look for truncated hashes (see bug 1190020)
+ const auto originalHashLength = sha256Hash.Length();
+ if (originalHashLength == 0) {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::OriginalHashEmpty);
+ } else if (originalHashLength < 32) {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::OriginalHashTooShort);
+ } else if (originalHashLength > 32) {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::OriginalHashTooLong);
+ } else if (!mRequest.has_digests()) {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::MissingDigest);
+ } else if (!mRequest.digests().has_sha256()) {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::MissingSha256);
+ } else if (mRequest.digests().sha256().size() != originalHashLength) {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::InvalidSha256);
+ } else {
+ AccumulateCategorical(mozilla::Telemetry::LABELS_APPLICATION_REPUTATION_HASH_LENGTH::ValidHash);
+ }
+
 // Serialize the protocol buffer to a string. This can only fail if we are
 // out of memory, or if the protocol buffer req is missing required fields
 // (only the URL for now).
diff --git a/toolkit/components/telemetry/Histograms.json b/toolkit/components/telemetry/Histograms.json
index bed6d365995f..49aec8b322dc 100644
--- a/toolkit/components/telemetry/Histograms.json
+++ b/toolkit/components/telemetry/Histograms.json
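Review bot: The final `else` of the new chain in PendingLookup::SendRemoteQueryInternal records `ValidHash` after comparing lengths only (`mRequest.digests().sha256().size() != originalHashLength`), so a request digest that is 32 bytes long but differs from `sha256Hash` in content is still counted as valid. If the aim is to confirm that the digest sent to the reputation service is the one computed for the download, a byte comparison is the stronger check; otherwise a comment such as `// Length check only; digest bytes are not compared with sha256Hash.` keeps the label from being over-read. The chain is measurement only: as far as the hunk shows, a lookup whose digest is empty, short or missing is still serialized just below, which deserves a sentence in the leading comment as well. The literal `32` appears twice and would read better as a named SHA-256 length constant. The function starts and ends outside the hunk, so where `sha256Hash` and `mRequest` are populated is not visible here.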
@@ -108,6 +108,16 @@
 "labels": ["OtherBinaryFile", "DmgFile", "RarFile", "ZipFile"],
 "description": "Whether a binary file examined by download protection is one of the common archive formats."
 },
+ "APPLICATION_REPUTATION_HASH_LENGTH": {
+ "record_in_processes": ["main", "content"],
+ "alert_emails": ["francois@mozilla.com", "safebrowsing-telemetry@mozilla.org"],
+ "bug_numbers": [1485180],
+ "expires_in_version": "69",
+ "releaseChannelCollection": "opt-out",
+ "kind": "categorical",
+ "labels": ["ValidHash", "OriginalHashEmpty", "OriginalHashTooShort", "OriginalHashTooLong", "MissingDigest", "MissingSha256", "InvalidSha256"],
+ "description": "Whether the hash included in application reputation lookups is valid or broken in some way."
+ },
 "APPLICATION_REPUTATION_SHOULD_BLOCK": {
 "record_in_processes": ["main", "content"],
 "alert_emails": ["francois@mozilla.com", "safebrowsing-telemetry@mozilla.org"],