Sites that should have https forced

[terrorist96]

Note to mods: Please don't edit this post; I'll update it. Helps me to keep track of what's going on. Thanks.

This is a list of sites that support https, but do not automatically redirect to the https version. Sites that support https and automatically redirect (even if they do not have an HTTPSE rule) will not be added to this list.

Outstanding:

• [ ] broadband.mpi-sws.org
• [ ] http://omegataupodcast.net/
• [ ] http://www.dogpile.com/
• [ ] http://appsgate.iitr.ac.in/
• [ ] http://www.jio.com/
• [ ] http://security.blogoverflow.com/
• [ ] http://www.ideacellular.com/
• [ ] http://mirror.dkm.cz/
• [ ] http://www.call-cc.org/
• [ ] http://metalrad.radioca.st/
• [ ] http://ziaspace.com/
• [ ] http://rpi.edu/
• [ ] http://sg.element14.com/ (element14.com redirects to https, sg subdomain doesn't)
• [ ] http://archive.rebeccablacktech.com/
• [ ] http://archive.nyafuu.org/
• [ ] http://neboard.me/
• [ ] http://kano.is/
• [ ] http://www.genomichealthjobs.com/
• [ ] http://everhelper.me/
• [ ] http://ij.org/wp-content/uploads/2018/03/Brief-of-the-Institute-for-Justice-as-Amicus-Curiae-Supporting-Petitioners.pdf
• [ ] http://jpope.org/
• [ ] http://taoofmac.com/space
• [ ] http://tothestars.io/
• [ ] http://uazu.net/
• [ ] http://www.uta.fi
• [ ] http://www.vantaa.fi/
• [ ] http://www.jeuxvideo.com/
• [ ] http://lead-in.info/
• [ ] lots of japanese sites; see https://github.com/EFForg/https-everywhere/issues/3069#issuecomment-263163532
• [ ] http://obarun.org/
• [ ] *.imgs.cc #4895
• [ ] http://www.nextjump.com/
• [ ] http://hashfla.gs/
• [ ] http://www.myspleen.org/login.php
• [ ] http://www.armslist.com/
• [ ] http://pornolab.cc and http://pornolab.biz
• [ ] http://www.nowinstock.net/
• [ ] http://icefilms.ws/
• [ ] http://www.univ-orleans.fr/
• [ ] http://arch.b4k.co/
• [ ] http://archive.loveisover.me/
• [ ] http://alphachan.org/ (mixed content)
• [ ] http://art.4otaku.org/
• [ ] http://370chan.lt/
• [ ] http://heretyk.org/
• [ ] http://acrimonie.com/
• [ ] momondo, supersaver, etc. (see #11930)
• [ ] http://scop.berkeley.edu/
• [ ] http://www.sprakochfolkminnen.se/
• [ ] http://www.sb-innovation.de/forum.php
• [ ] http://kontrollwiki.livsmedelsverket.se/
• [ ] http://genome.ucsc.edu/index.html
• [ ] http://www.istartedsomething.com/ | http://www.istartedsomething.com/bingimages
• [ ] http://www.ensembl.org/index.html
• [ ] http://wiki.torrentleech.org/doku.php
• [ ] http://www.vatortrader.com/
• [ ] http://isbn.org/
• [ ] http://newton.newtonsoftware.com/career/CareerHome.action
• [ ] http://www.forest.go.th/
• [ ] http://correios.com.br/para-voce
• [ ] http://isomerdesign.com/PiHKAL/ (homepage redirects automatically)
• [ ] http://www.genmanga.com/
• [ ] http://moetube.tumblr.com/post/173485989838/this-isnt-goodbye (http://www.moetube.net/)
• [ ] http://4udrama.com/ (mixed content)
• [ ] http://fastdrama.co/ (mixed content)
• [ ] http://hkfree.co/ (mixed content)
• [ ] http://gooddrama.to/ (mixed content)
• [ ] http://www.mangago.me/ (mixed content)
• [ ] http://viewcomic.com/ (mixed content)
• [ ] http://www.genomichealth.com/
• [ ] http://editmysite.com/
• [ ] http://www.340defense.com/
• [ ] http://blog.idleman.fr/
• [ ] http://www.caf.fr/
• [ ] http://nick4senate.com/
• [ ] http://dailypundit.com/
• [ ] long list here: https://github.com/EFForg/https-everywhere/issues/3069#issuecomment-375619130
• [ ] http://www.bhcrforum.com/
• [ ] http://legis.la.gov/legis/Home.aspx
• [ ] http://www.firstmondays.fm/
• [ ] http://it.rojadirecta.eu/
• [ ] http://www.magapill.com/
• [ ] http://www.zeth.tech/
• [ ] http://bridgetrack.com/
• [ ] http://www.valetliving.com/
• [ ] http://trust.org/
• [ ] http://yalejreg.com/
• [ ] http://www.oprah.com/index.html
• [ ] http://www.sun-sentinel.com/
• [ ] http://shutterfly.narvar.com/
• [ ] http://doyoutrustthiscomputer.org/
• [ ] http://chefgeoff.com/
• [ ] http://www.ny1.com/
• [ ] http://www.mediafire.com/ (on file download pages e.g. file/hdg67udg6du/file_name_here.rar/file)
• [ ] http://jitc.org/
• [ ] http://baggss.us
• [ ] http://www.cgpgrey.com/
• [ ] http://www.fox19.com
• [ ] http://g-20.in/
• [ ] http://excessofdemocracy.com/
• [ ] http://buffstreamz.com/
• [ ] http://www.healthday.com/
• [ ] http://www.gun-nuttery.com/
• [ ] http://www.isdera.de/
• [ ] http://jolt.law.harvard.edu/articles/pdf/v09/09HarvJLTech205.pdf
• [ ] http://www.adamkraut.com/
• [ ] http://www.hcfyn.com/
• [ ] http://www.news12.com/ (plus subdomains, e.g. http://newjersey.news12.com/)
• [ ] http://www.saasc.com/
• [ ] http://equalitycasefiles.org/
• [ ] http://files.eqcf.org/
• [ ] http://www.corporateknights.com
• [ ] http://oss-cn-beijing.aliyuncs.com/ and http://rushiwork.oss-cn-beijing.aliyuncs.com/ (e.g. http://rushiwork.oss-cn-beijing.aliyuncs.com/works/201805/1526321955006close_up_hero.jpg)
• [ ] http://az616578.vo.msecnd.net/ (e.g. http://az616578.vo.msecnd.net/files/2016/01/30/6358974233902098801606293334_here-are-some-winter-survival-tips-from-the-us-marine-corps.jpg)
• [ ] http://dakotawarcollege.com
• [ ] http://signetmclean.com/
• [ ] http://nl101.vfemail.net/ (existing rule)
• [ ] http://www.hill.com/
• [ ] http://wapp.capitol.tn.gov/apps/BillInfo/
• [ ] http://vs.aka-online.de/cgi-bin/wppagehiststat.pl
• [ ] http://holafolks.co
• [ ] http://zyzixun.net
• [ ] http://loloha.com/
• [ ] http://www.901209.com
• [ ] http://sdmy168.com/
• [ ] http://www.ca4.uscourts.gov
• [ ] http://www.wistv.com/
• [ ] http://mynorthwest.com
• [ ] http://4kcarwallpapers.com/
• [ ] http://virginiavip.org/VidCentral/Login.aspx
• [ ] http://toonamifaithful.com
• [ ] http://www.toonamisquad.com/
• [ ] http://www.someanithing.com
• [ ] http://mumkeyjones.tv
• [ ] http://hentaixxxmanga.com
• [ ] http://hentai666.com/
• [ ] http://www.hentaimanga.pro/ (mixed content)
• [ ] http://www.xxxcartoonporn.pro/ (mixed content)
• [ ] http://hentai.desi/
• [ ] http://doujinantena.com/
• [ ] http://www.sexmangapics.com/ (mixed content)
• [ ] http://www.xxxmangacomix.com/ (mixed content)
• [ ] http://doujinshihentai.com/ (dead?)
• [ ] http://www.narutohentaicomix.com/ (mixed content)
• [ ] http://thedoujin.com
• [ ] http://www.hentaicore.net/ (mixed content)
• [ ] http://hentaimama.com (mixed content)
• [ ] http://walmart.narvar.com/, https://barkbox.narvar.com/, etc.
• [ ] http://clubspeedtiming.com, http://aisdulles.clubspeedtiming.com/cs-registration/, etc.
• [ ] http://classicbakery.com/
• [ ] http://appellateinquiry.jud.ct.gov/
• [ ] http://bjornfree.com/
• [ ] http://toonamiarsenal.com/
• [ ] http://www.marketsnacks.com/
• [ ] http://portatechs.com/
• [ ] http://getawesome.com/
• [ ] http://www.federalistblog.us/
• [ ] http://www.fetchrewards.com/
• [ ] http://www.ohiochannel.org/
• [ ] http://legislature.mi.gov/(S(5zrdv3jysxb3wimx4uejq3o0))/mileg.aspx?page=home
• [ ] http://www.dcincable.com/
• [ ] http://www.dcinl.com/
• [ ] http://www.receiptpalapp.com/
• [ ] http://blackpride.in
• [ ] http://mattmacpherson.com/
• [ ] http://www.techadvisory.org/
• [ ] http://www.nikola.com/
• [ ] http://www.classic-car-history.com/
• [ ] http://laws.leg.mt.gov/
• [ ] http://legislature.maine.gov/
• [ ] http://www.puma-automobiles.com (not all pages redirect automatically)
• [ ] http://procarsclub.com/
• [ ] http://pangeasoft.net/
• [ ] http://courtartist.com/
• [ ] http://www.omidyar.com/
• [ ] http://refusesmartmeter.com/ and https://refusesmartmeters.com/
• [ ] http://www.dougdemuro.com/
• [ ] http://www.theamericanmirror.com/
• [ ] http://kentuckystatepolice.org/
• [ ] http://ahn09.com/ (http://ahn09.com/mcleanhouse/home.asp)
• [ ] http://vipsumo.com/
• [ ] http://www.todayifoundout.com/
• [ ] http://costcocouple.com/
• [ ] http://thesmokinggun.com/
• [ ] http://www.mariouniverse.com
• [ ] http://www.nysaferesolutions.com
• [ ] http://www.co.lucas.oh.us/
• [ ] http://www.finaltek.com
• [ ] http://www.govolution.com
• [ ] http://www.beefshi.com
• [ ] http://www.meatpoultrynutrition.org
• [ ] http://endoftheamericandream.com
• [ ] http://www.swlaw.com/blog/data-security/2019/05/01/what-does-the-new-utah-electronic-data-privacy-law-do/
• [ ] http://www.vipleague.cc/comedy-central-streaming-link-2 (has mirrors a la vipleague.*)
• [ ] http://libertyvideos.org
• [ ] http://www.arielatom.com
• [ ] http://akharinkhabar.ir/
• [ ] http://krtnradio.com/
• [ ] http://www.whereismymilkfrom.com/
• [ ] http://www.mywakulla.com/
• [ ] http://www.thejourneyisthelife.com/
• [ ] http://www.ssentinel.com/
• [ ] http://www.keepandbeararms.com/
• [ ] http://southsidemessenger.com/
• [ ] http://www.westmorelandnews.net/
• [ ] http://hpub.org/
• [ ] http://www.madisonvillemeteor.com/
• [ ] http://gonzalesinquirer.com/
• [ ] http://www.kliu.org/ https://code.kliu.org/
• [ ] http://www.ecbpublishing.com/
• [ ] http://www.heppner.net/
• [ ] http://www.sciotopost.com/
• [ ] http://www.hurherald.com/
• [ ] http://api.authy.com/
• [ ] http://www.dailypostathenian.com/
• [ ] http://archive.naplesnews.com/ (https://archive.naplesnews.com/community/marco-eagle/marco-island-city-council-passes-gun-resolution-holds-off-on-utility-rate-discussion-ep-384714112-333275931.html/)
• [ ] http://www.discoverhaxtun.com/
• [ ] http://www.maconnc.org/
• [ ] http://1057news.com/
• [ ] http://www.news-herald.net/
• [ ] http://www.therogersvillereview.com/
• [ ] http://www.gazettenews.com/
• [ ] http://www.baggss.us/
• [ ] http://www.cubarle.com/
• [ ] http://www.belleplaineherald.com/
• [ ] http://gunwars.news21.com/
• [ ] http://www.ichibansushimclean.com/
• [ ] http://ctrlq.org/qrcode/ | http://ctrlq.org/common/ico/favicon.ico (mixed content)
• [ ] http://shortpixel.ai/ | http://cdn.shortpixel.ai
• [ ] http://output.jsbin.com/mukira
• [ ] http://contact-picker.glitch.me
• [ ] http://www.city-data.com/
• [ ] http://www.kotexsettlement.com/  
• [ ] http://washingtonareafuelfund.org/
• [ ] http://estmt.net/ (requires https)
• [ ] http://www.steinwinter-stuttgart.de/
• [ ] http://eppc.org/ | http://eppc.org/wp-content/uploads/2019/10/Zimmerman-v.-City-of-Austin-Original-Petition-FILE-STAMPED-9.11.2019.pdf
• [ ] http://www.autoadmit.com
• [ ] http://energyusecalculator.com/index.htm
• [ ] http://www.whatdoesitmean.com/
• [ ] http://www.sunnumber.com/
• [ ] http://www.rockninefourthree.com/
• [ ] http://www.dumpaday.com/
• [ ] http://www.kitchenaldaptation.com/
• [ ] http://galleryovissi.com/
• [ ] http://cardozolawreview.com/
• [ ] http://tenthamendmentcenter.com/feed/
• [ ] http://www.coincalc.com/
• [ ] http://extreme-ip-lookup.com/
• [ ] http://www.geomidpoint.com/
• [ ] http://www.intelligencequarterly.com/
• [ ] http://www.pennypinchercoins.com/
• [ ] http://vi.raptor.ebaydesc.com/ (http://vi.raptor.ebaydesc.com/ws/eBayISAPI.dll?ViewItemDescV4&item=284078584200&category=177652&pm=1&ds=0&t=1605319538610&cspheader=1)
• [ ] http://abcotvs.com/
• [ ] http://www.swagbucks.com/content/components/whitelisting/swagbucks-earn-free-gift-cards.txt
• [ ] http://www.informationliberation.com/
• [ ] http://forums.nesdev.com
• [ ] http://calamares.io
• [ ] http://lansking.com/
• [ ] http://www.gambitrewards.com/
• [ ] http://www.informationliberation.com/
• [ ] http://www.rentlapel.com/
• [ ] http://www.predictions.exchange/
• [ ] http://peopleschoice.coop/
• [ ] http://www.thebellevueva.com/
• [ ] http://mail.theaisummit.com/
• [ ] http://www.tucsonsentinel.com/
• [ ] http://www.newmedia-wi.com/
• [ ] http://www.wvlegislature.gov/
• [ ] http://community.anker.com/
• [ ] http://www.ushareit.com/
• [ ] http://chimpmania.com/forum/forum.php
• [ ] http://www.5music.com.tw/
• [ ] http://www.fangoods.com.tw/
• [ ] http://dom.libre.life/en
• [ ] http://www.stronachtownship.net/
• [ ] http://api.etherscan.io/
• [ ] http://www.lawandfreedom.com/wordpress/
• [ ] http://www.lasership.com/
• [ ] http://persian-rap.org/
• [ ] http://digitalblasphemy.com/
• [ ] http://tyshenry.com/ http://vsptools.tyshenry.com/
• [ ] http://www.doepelstrijkers.com/
• [ ] http://webcast.funeralvue.com/ http://webcast.funeralvue.com/users/login
• [ ] http://www.dllr.state.md.us/
• [ ] http://timetravel.mementoweb.org/
• [ ] http://ilhanomardna.com/
• [ ] http://www.suntimesnews.com/
• [ ] http://giftcardreport.com/feed
• [ ] http://www.themccrearyvoice.com/
• [ ] http://www.shawncossart.com/
• [ ] http://www.namhpac.org/
• [ ] http://www.nasmhpd.org/
• [ ] http://www.titleii.com/ http://www.titleii.com/bardwell/york.txt
• [ ] http://futurenews.news/
• [ ] https://www.bfytw.com/
• [ ] http://www.mirror.finance/
• [ ] http://docs.terra.money/
• [ ] http://www.faxnearme.com/
• [ ] http://matrixhci.com/
• [ ] http://www.sauvik.me/
• [ ] http://calguns.net/calgunforum/index.php
• [ ] http://r-kelly.com/
• [ ] http://travelinpoints.com/an-intermediate-guide-to-selecting-your-next-credit-card/ (home page already redirects)
• [ ] http://www.dougdemuro.com/
• [ ] http://nixle.us/DWGFQ
• [ ] http://content.compliancewire.com/
• [ ] http://www.ca5.uscourts.gov/oral-argument-information/oral-argument-recordings
• [ ] http://maddox.xmission.com/
• [ ] http://freeread.org/
• [ ] http://www.dontevenreply.com/
• [ ] http://freeread.org/index.html

Pending merge:

Completed

Check mark means an HTTPS Everywhere rule was implemented to force https. - [x] http://onepace.net/ (mixed content) - [x] http://02ch.su/ - [x] http://www.co.cumberland.nc.us/ - [x] http://www.advocateanddemocrat.com/ - [x] http://banned.video/ - [x] http://www.cafepharma.com/boards/ - [x] http://www.pkcell.com/ - [x] http://indianacourts.us/blogs/caseclips/ - [x] http://www.smallarmsreview.com/ (doesn't redirect for some pages like http://www.smallarmsreview.com/display.article.cfm?idarticles=129) - [x] http://0chan.one/ - [x] http://www.wilsontimes.com/ - [x] http://www.modulus.com/ - [x] http://marginalrevolution.com/wp-content/uploads/2016/06/HomicidebyWeapon2014.png - [x] http://spacelab.ie/ - [x] http://vodlocker.to/ (#19204) - [x] http://www.gamersky.com/ (`www.` required) (#19233) - [x] http://www.worldometers.info (mixed content) (#19232) - [x] http://www.tetherreport.com/ (#19203) - [x] http://glodls.to (#19202) - [x] http://redditsearch.io/ (#19200) - [x] http://www.erlang.org/ (#19198) - [x] http://www.gwern.net/ (#19187) - [x] http://bsd.lv/ (#19185) - [x] http://geekghost.net/ (#19184) - [x] http://sqlitebrowser.org/ (#19183) - [x] http://www.panli.com (#19181) - [x] http://devast.io/ (https://github.com/EFForg/https-everywhere/pull/19084) - [x] http://zenhax.com/ - [x] http://amp.timeinc.net/thedrive/news/25502/aston-martin-reportedly-working-on-hybrid-i-6-to-replace-amg-borrowed-v-8 - [x] http://c0ffee.surge.sh/ - [x] http://www.racket-lang.org/ - [x] http://www.lansfast.se/ - [x] http://www.gunfacts.info/ - [x] http://geck.bethsoft.com - [x] http://about.att.com/category/all_news.html - [x] strem.io (requires www.) - [x] http://www.av-comparatives.org/dynamic-tests/ (homepage already redirects) - [x] http://www.tldp.org/ - [x] http://www.gigablast.com/ - [x] http://reason.com/ - [x] http://snip.ly/ - [x] http://www.ratemyprofessors.com/ - [x] www.speedtest.net/ - [x] gametechwiki.com emulation.gametechwiki.com #18811 - [x] https://www.quicksilvermail.net/ - [x] hdme.eu - [x] https://www.lightningmaps.org - [x] https://www.thefader.com/ - [x] https://premierliga.ru/ - [x] https://www.musl-libc.org/ - [x] https://w3c-test.org/ #17093 - [x] https://json-schema.org/ #17067 - [x] https://ironruby.net/ #17077 - [x] https://bgm.tv/ - [x] https://spi-inc.org/ #16307 - [x] racked.com - [x] https://iichan.hk/ - [x] https://hbrowse.com/ - [x] https://zoo.org/ - [x] https://deb-multimedia.org/ - [x] https://shattered.io/ (#14027) - [x] https://wizchan.org/ (#8259 ~~and #9455~~) - [x] https://droid-break.info/ - [x] www.paygarden.com - [x] https://www.2chan.net/ - [x] https://genusdebatten.se/ - [x] https://cdon.se/ - [x] https://sia.tech/ - [x] https://gay-torrents.org/ - [x] https://www.nvidia.ru/page/home.html - [x] https://www.cyberpowersystem.co.uk - [x] https://www2.highlands.edu/ - [x] https://open-books.calibre-ebook.com/ - [x] https://frugalware.org/ - [x] http://www.rpxcorp.com - [x] https://www.qutebrowser.org/ - [x] https://www.fsfla.org/ikiwiki/ - [x] https://cryptopals.com/ - [x] [ssl].panoramio.com - [x] https://mygoxclaim.com/ - [x] https://swift.im/ - [x] https://trofire.com/ (homepage redirects to https, but article pages don't) - [x] mootipass.com - [x] https://terminal.sexy/ - [x] https://www.pdfmerge.com/ - [x] xvideos.com - [x] https://bitcoinfees.21.co/ (add to 21.co rule) - [x] https://censor.net.ua/ - [x] https://hdclub.org/ - [x] https://blackarch.org/ - [x] https://mojang.com/ - [x] https://moakt.com/ - [x] https://extra.to/ (merge with `Extratorrent.com` rule?) - [x] https://katcr.co/show/community/ - [x] https://iknowwhatyoudownload.com/en/peer/ - [x] https://predb.me - [x] https://www.instructables.com/ - [x] https://krebsonsecurity.com/ - [x] https://ftp.uni-erlangen.de/ (doesn't support www.) - [x] https://www.jsdelivr.com/ - [x] https://torrentz2.me/ - [x] http://www.torrentdownloads.me/ - [x] firehol.org; iplists.firehol.org, etc. - [x] https://www.golem.de/ - [x] https://srad.jp - [x] coinb.in/multisig/ (homepage defaults to https) - [x] dogechain.info - [x] https://www.teamup.com/ (requires www.) - [x] https://www.ouedkniss.com/ - [x] https://www.tinkernut.com/ - [x] https://www.irongeek.com/ - [x] https://danluu.com/ - [x] https://approach0.xyz (already redirects to https...) - [x] https://www.ul.se - [x] https://proxy.org/ - [x] https://www.questionablecontent.net/ - [x] www.nvcc.edu/ - [x] www.charitynavigator.org - [x] lifehacker.com - [x] codetriage.com/ - [x] us.megabus.com - [x] sci-hub.ac - [x] zerowater.com - [x] clearista.com - [x] www.isidewith.com - [x] starship.xyz - [x] iconical.com - [x] poo.solutions - [x] www.eliomotors.com - [x] quickleak.se - [x] http://bazaarbay.org/ - [x] lexpredict.com (requires loading unsafe scripts) - [x] www.plenti.com - [x] demonoid.pw - [x] demonoid.ooo - [x] www.juno.com - [x] chat.iptorrents.com - [x] www.ogicom.pl - [x] www.yodlee.com - [x] codecombat.com - [x] saltstack.com - [x] t0.com - [x] neovim.io - [x] member.bananatag.com - [x] www.pandora.com - [x] www.globevestor.com - [x] freedomboxfoundation.org - [x] www.desk.com - [x] www.saf.org - [x] www.gmx.com - [x] riskanalytics.com - [x] eyeboot.com - [x] winkdex.com - [x] paranoidsecurity.nl - [x] thepiratebay.la (going via thepiratebay.se will result in https, but going to .la directly will not have https forced) - [x] coinmarketcap.com - [x] www.earthvpn.com - [x] sunlightfoundation.com - [x] www.cyberpowerpc.com - [x] www.blackarrowsoftware.com - [x] www.bluehendesoesterreich.at - [x] secure-computing.net - [x] http://store.nike.com/us/en_us/pd/flyknit-racer-unisex-running-shoe/pid-10284846/pgid-646501 forward to https://secure-store.nike.com/us/en_us/pd/flyknit-racer-unisex-running-shoe/pid-10284846/pgid-646501 But breaks the customization flash element

No longer needed

~~Stricken~~ means the site now redirects to https on its own; no rule was created. ~~allaboutbeer.net http://ssrnblog.com/ 1079ishot.com abix.fr aboutads.info adrasoap.com affordablereputationmanagement.com alaska.org technotes.alconox.com alko.fi architectsandartisans.com astrachat.com bewelcome.org biketoworkmetrodc.org bitreading.com blokada.org bohuslaningen.se broadcastify.com bsdnow.tv caci.com californiaopencarry.com sinus-r2.cappelendamm.no casaenelagua.com cityconnectapps.com coincap.io comicextra.com conanforum.org conannews.org constitution.org courtartist.com cwtv.com cybione.org cypherium.io d10e.biz datpiff.com didioffendyou.com doublepimpssl.com drexel.edu dumpyahoo.com eliteshootingsports.com boards.fireden.net forgotten-ny.com fox13news.com fox5ny.com freedomworks.org gowatchit.com grin-tech.org shop.hairpiece.com hamstakilla.com handgunlaw.us hearst.com hidevolution.com hotmovs.com imgsrc.hubblesite.org iiserkol.ac.in internetlivestats.com istartedsomething.com justtires.com kissdoujin.com lastampa.it legallyspeakingohio.com legislation.gov.uk lgbtmap.org liberland.org licindia.in lulubyleah.com lunaroutpost.com magnumphotos.com pro.magnumphotos.com medicalkidnap.com michellawyers.com miohentai.com moremonmouthmusings.net mustreadalaska.com myasiantv.se mynorthwest.com ncrpa.org netassist.ua newark.com nmpoliticalreport.com norml.org northeastapp.com ontheissues.org philly.com pocketmonsters.net support.proboards.com programminginsider.com rallyforourrights.com randpac.com rcsb.org rpi.edu sanctuarycounties.com savagerivale.nl sdlegislature.gov sealameal.com shmoocon.org itframe.shoutca.st opencast.radioca.st sibnet.ru startyoshi.com leg1.state.va.us subguns.com taoofmac.com tdudrivetime.com techtapper.com terrywalters.net the-odin.com theblackvault.com thedailynewsonline.com thefederalist.com thelcn.com travelinpoints.com trendingpolitics.com ttela.se un.org uniarts.fi unitedpatriotsofamerica.com utu.fi vipleague.cc lis.virginia.gov wfmz.com wmfe.org workinfinland.com wrib.org zeromotorcycles.com http://smartgunlaws.org/ (load unsafe scripts) http://stopforumspam.com/ https://checkyourfact.com/ https://en.wheelsage.org/ http://www.uk-erlangen.de https://pururin.io/ #14453 https://0chan.ru.net/ https://wesbos.com/ https://wcupa.edu/ https://www.bitmatica.com/ https://jaredforsyth.com/ https://surlyjake.com/ https://www.nola.com/ https://rybczak.net/ https://grapevine.is/ https://www.replicant.us/ https://plasticboy.com/ https://developers.redhat.com/ https://tabtimes.com/ https://www.dadamailproject.com/ https://ashishb.net/ https://www.houzz.com/ https://www.philips.co.in https://payex.com https://www.abo.fi https://www.momondo.com https://www.ulapland.fi https://www.vikingline.fi https://www.vikingline.se https://poliisi.fi (disabled, mixed content) https://www.txxx.com/ https://www.vasttrafik.se/ https://www.riemurasia.net/ https://www.posti.fi/ https://upornia.com/ https://sv.nametests.com/ https://www.finnkino.fi/ https://liveperson.com/ https://www.farnell.com/ https://thekojonnamdishow.org/ https://html5games.com/ finn.no bring.com/dk/no/se and posten.no https://fija.org/ https://squawkr.io/ https://bms.com https://www.mrc.org https://www.newsbusters.org/ https://www.faygoluvers.net/ https://www.leade.rs/#homepage1 https://www.powerlineblog.com/ https://www.dvdvideosoft.com/ https://www.zeroto60times.com/ https://ntsb.gov/Pages/default.aspx https://hollaforums.com/ https://www.gotenna.com/ https://www.earthlink.net/ https://www.ddbj.nig.ac.jp/ https://proper.io/ https://www.mathaeser.de/ https://www.easynotebooks.de/ https://cs.rin.ru/ https://www.nsaneforums.com/ https://imgsafe.org/ https://www.eurocontrol.int/ https://www.rawstory.com/ (mixed content for images) https://www.accessatlanta.com/ https://www.austin360.com/ https://www.dayton.com/ https://www.daytondailynews.com/ https://www.journal-news.com/ https://www.mydaytondailynews.com/ https://www.mypalmbeachpost.com/ https://www.mystatesman.com/ https://www.palmbeachdailynews.com/ https://www.palmbeachpost.com/ https://www.springfieldnewssun.com/ https://www.statesman.com/ https://www.whio.com/ politico.com (rule currently disabled) https://www.biospace.com/ https://www.cuddleclones.com/ https://www.nexusmods.com/ https://portal.ble.mn.gov https://www.psol50.org.br/ https://law.lis.virginia.gov/ https://unfurlr.com/ https://www.iota.org/ https://www.supersavertravel.se/ https://www.momondo.se/ https://thelibertarianrepublic.com/ https://www.ca9.uscourts.gov/ www.deviantart.com https://www.skandiamaklarna.se/ https://themerkle.com/ https://americansuppressorassociation.com https://hakihome.com/ (mixed content) https://tumba.ch/ https://www.behnevis.com/ https://queue.acm.org/ https://www.genecards.org/ https://deuhd.ru/ https://www.openio.io/ https://guardanthealth.com/ https://www.nbc.com/ https://www.cookout.com https://electroneum.com https://hacken.io/ https://edgeless.io/#!/index https://www.skandiamaklarna.se/ https://graph.anime.plus/ https://horriblesubs.info/ (mixed content) https://boxasian.com/ (mixed content) https://mangapark.me/ (mixed content) https://readcomicbooksonline.net/ (mixed content) https://www.augur.net/ https://www.techradar.com/ https://www.rstreet.org/ https://rocknsolex.fr/ https://www.meilleurtaux.com/ https://manach.net/ and https://jean-marc.manach.net/ https://bgr.com/ https://nimbus.everhelper.me/ https://www.renaultsamsungm.com/2017/main/main.jsp https://pron.tv/ https://bitcoinist.com/ https://www.healtheast.org/ https://ant.design/ www.gotobus.com cannakorp.com www.netzero.net mobilism.me(.org) livepokersupport.com dragoninnovation.com www.rossu.edu/medical-school/ www.rossu.edu/veterinary-school/ https://www.dailymotion.com/ https://backdrift.org https://www.ece.ucsb.edu/ https://www.zbigz.com/ https://vim.rtorr.com/ https://www.dell.com/en-us/ https://engineering.dartmouth.edu/ https://gateoverflow.in https://imgsking.com/ https://www.ubc.ca/ https://mymemory.translated.net/ https://www.notebookcheck.net/ https://www.dogfoodadvisor.com/ https://creately.com/ https://chronicled.org/ https://lumerit.com/ https://www.drmorepen.com/ https://spankbang.com https://www.infosecurityeurope.com/ https://www.petmd.com/ https://bittorrentstart.com https://lolifox.org/ https://apachan.net/ https://rfch.rocks/ https://www.vero.fi https://www.laposte.fr/ https://citizensclimatelobby.org/ https://www.sfr.fr/ https://www.nelliportaali.fi/ https://uni.edu/ https://sl.se www.hsbc.co.uk www.jetblue.com https://matkahuolto.fi/ (already redirects to https...) https://www.swebus.se/ https://polisen.se https://www.vr.fi (already redirects to https...) hackforums.net (requires loading unsafe scripts) https://www.avito.ma/ https://www.leroymerlin.fr/ https://artofproblemsolving.com/ arstechnica.com (#4196, #4201)~~

Regression

~~goodmanga.net~~ (redirects to `http://www.mangareader.net/` which doesn't support https)

Dead sites

- [x] empirehost.me hedgy.co http://ptchan.net/ http://eyeonanime.tv/ (mixed content) http://depreschan.ovh/ http://www.amendmentgazette.com/ http://revolt.group/donovo/ http://pornleech.is/ stashcrypto.com/front http://www.ps-performancesolutions.com/ bewelco.me http://srbijachan.org/ http://theindexof.net/ http://gayvoron.com.ua/ http://coinedtimes.com/ http://onlinemovies.pw/ http://streamcdn.co/ http://functionalclam.com/ http://bitcoinrichlist.com/ http://iwouldntsteal.net/ https://pururin.us/ https://anonmgur.com/ and https://anonm.gr/ https://www.primewire.ag https://lyricskong.com/ https://314n.org/ https://vichan.net/ https://sli.mg/ and https://i.sli.mg/ and https://ioimg.com/ and https://i.ioimg.com/ yts.im (yts.to already has a rule) solopool.net matthew5025.com bayfiles.net ecointalk.net https://www.zone-telechargement.com/ https://thotpatrol.com/ showhaotu.com, showhaotu.club, showhaotu.pw, showhaotu.xyz #8205

Type: other

[rugk]

BTW you can use checkboxes to easily mark where you've created rulesets. Here (at extras) it's described how you can do it.

[terrorist96]

Can I get some help? I can't do it all myself.

[terrorist96]

@loveithateit can you please add the "Good Volunteer Task" label as well? Thanks!

[J0WI]

for gmx.com see https://github.com/EFForg/https-everywhere/blob/master/src/chrome/content/rules/GMX.xml#L132

[terrorist96]

Thanks for taking on the task!

[J0WI]

I won't to the whole task. Feel free to contribute your self ;)

[rugk]

And do not forget to tick everything where a PR exists. :smile:

[terrorist96]

Added the checkmarks. @J0WI I failed to mention that mobilism also has a .org domain. Thanks!

[J0WI]

You should double check your list. e.g. thepiratebay.la also exist https://github.com/EFForg/https-everywhere/blob/master/src/chrome/content/rules/The_Pirate_Bay.la.xml

[terrorist96]

e.g. thepiratebay.la also exist

Thanks, I didn't know it was already made. This list was made based on the current HTTPS Everywhere version (Version: 2015.8.13), so since it hasn't been pushed to the stable branch yet, I missed it.

[terrorist96]

Added a few more sites to the top of the list.

[ghost]

Can you please add https://poopjournal.rocks/ and https://poo.solutions/? Thanks 😘

[terrorist96]

Can you please add https://poopjournal.rocks/ and https://poo.solutions/? Thanks 😘

poopjournal.rocks already defaults to https. I'll add poo.solutions.

[jeremyn]

There is currently a neovim.io rule (here), and also the Neovim site appears to force HTTPS without HTTPS-Everywhere.

[rugk]

It does not matter whether sites already redirect to HTTPS by default - they should still be included in HTTPSE. See https://www.eff.org/https-everywhere/faq#faq-Why-does-HTTPS-Everywhere-include-rules-for-sites-like-PayPal-that-already-require-HTTPS-on-all-their-pages?

[jeremyn]

@rugk Thanks for pointing that out, I wasn't aware that was the policy. In that case Neovim.io technically should have a rule even if it internally redirects to HTTPS.

That said, by the logic in that FAQ, literally every HTTPS site in the world should have an HTTPS Everywhere rule, in which case we shouldn't list sites without rules in an issue like this. In other words, the fact that it internally redirects would be enough to remove it from this issue, even though a rule for it is technically valid. What do you think?

[jeremyn]

https://sci-hub.bz/ is unable to connect. It should be removed from the list unless this outage is temporary.

[jeremyn]

@rugk www.yodlee.com is another example like neovim.io except there is no yodlee ruleset already. I argue www.yodlee.com should be removed from the list:

• http://www.yodlee.com and http://yodlee.com redirect to https://www.yodlee.com
• http://moneycenter.yodlee.com and http://developer.yodlee.com redirect to https
• http://forum.yodlee.com and http://ir.yodlee.com don't seem to support https

and I can't find any other subdomains.

[Foorack]

@jeremyn I agree to disagree. Again, even if site automatically redirects to HTTPS it should still have a HTTPSE rule. This is to - as described in the FAQ - to prevent sslstripping.

[Foorack]

www.netzero.net has mixed content which can't be loaded over https

[Foorack]

solopool.net domain has expired...........

[Foorack]

@terrorist96 There already exist a ruleset for the following websites:

• Demonoid https://www.eff.org/https-everywhere/atlas/domains/demonoid.pw.html
• Codecombat https://www.eff.org/https-everywhere/atlas/domains/codecombat.com.html
• SaltStack.com https://www.eff.org/https-everywhere/atlas/domains/saltstack.com.html

[Foorack]

Certificate for matthew5025.com expired 177 days ago.

[rugk]

@jeremyn As @Foorack pointed out, your reasons are not valid. I don't understand your "what sites should we list in an issue" issue. We can list all sites we want in such issues and again - only because sites redirect to HTTPS, this does not mean they should not have a ruleset in HTTPSE.

[jeremyn]

I assume by far most HTTPS sites redirect from HTTP because that's what users expect, and all of these then should technically have a rule. Maybe this is millions of sites. It's fine if someone wants to submit a pull request with a simple redirect ruleset for their favorite little site. What I don't want is to encourage people to submit a request list with a zillion of these domains to this issue. You could write a crawler for the Let's Encrypt certificate list, or any other authority, to automatically create such a list. That would overwhelm this issue and that's silly.

Also, as a volunteer, I would prefer to work on domains that need more than a trivial redirect. If we encourage these zillion domains in this issue, then for every important "my bank lets me log in through HTTP" we have a thousand personal blogs that are working just fine. If they were all in the list at the top of this issue, there's no way to distinguish between the two.

Part of the problem is that we don't have a good way of tracking sites that need work. I wouldn't mind the zillion sites if I could filter them somehow. @Foorack and I are talking about something vaguely related in issue #6322.

[rugk]

I assume by far most HTTPS sites redirect from HTTP because that's what users expect, and all of these then should technically have a rule.

Yes.

Maybe this is millions of sites.

Yes. Nobody never said HTTPSE has an easy goal. :laughing: :wink:

What I don't want is to encourage people to submit a request list with a zillion of these domains to this issue.

Well... that's another issue. And I'd also say people should rather do PRs by themself than just creating issue lists full of "add domain XY". This way they learn something new and learn how to contribute to FLOSS projects. And the work is done by more people...

You could write a crawler for the Let's Encrypt certificate list, or any other authority, to automatically create such a list. That would overwhelm this issue and that's silly.

Actually that's not such a bad idea IMHO if the crawler automatically creates PRs. I also wanted to suggest it, but I refrained, because this crawler would not be able to check for Mixed Content e.g.

Also, as a volunteer, I would prefer to work on domains that need more than a trivial redirect.

No problem, I think there are a lot of more sophisticated cases for you. :smiley: However - fortunately - most sites just need a usual redirect (and maybe a secure cookie directive) and that's it.

[Foorack]

because this crawler would not be able to check for Mixed Content e.g

I don't see why it would't be possible to make a crawler which detects if the website tries to fetch a HTTP resource when using HTTPS. An example implementation method would be to use the PhantomJS event onResourceRequested. Example usage.

No matter if this will be a EFF project or not, I find the idea highly interesting and would love to work on it. :+1:

[rugk]

I don't see why it would't be possible to make a crawler which detects if the website tries to fetch a HTTP resource when using HTTPS.

I think the issue is that websites usually have many, many pages and only few of them may have Mixed Content issues. I mean humans also can't check them all, but usually they are able to get out, which sites are important and test all them. A crawler would have to follow each link to do this... Don't know which is more reliable here: Humans or robots... :smiley:

[Foorack]

Humans or robots

Why do we need to choose? The crawler can test each domain and if it passes then a human will test it when creating the rule. I have gone through several domains today only to realise they don't even support HTTPS at all or have serious mixed-content errors on the start page.

[rugk]

Good argument, but we should continue this discussion in https://github.com/EFForg/https-everywhere/issues/6322 as it is not relevant for this issue.

[jeremyn]

@rugk Just to be clear: it's fine if millions of sites is HTTPS Everywhere's mission, but I don't want to see a million sites listed in this issue.

It's great if people want to do their own pull requests and learn something. But, if a non-technical user finds a problem, they should have some easy way of reporting it (#6322) so a technical volunteer with free time can solve that problem if they want to. And as a volunteer I'd like the open task list to distinguish between sites that just need SSL-stripping rulesets and sites with more significant needs.

[terrorist96]

I think I've finished updating the list. I like to add checkmarks when any pending PR's are merged and HTTPSE is updated to verify that the sites actually force https successfully.

@jeremyn I've updated the sci-hub url to the .ac domain, which still needs https forced. @Foorack updated

[terrorist96]

I've updated the list a bit. Moved everything that's been taken care of towards the bottom.

[ghost]

@terrorist96 You should add these websites to the list

https://www.questionablecontent.net/ https://www.deviantart.com/ https://terminal.sexy/ https://omegataupodcast.net/ https://www.dailymotion.com/ https://backdrift.org https://www.qutebrowser.org/ https://www.dogpile.com/ https://www.gigablast.com/ https://www.monster.com/ https://www.ece.ucsb.edu/ https://www.torrentdownloads.me/ https://proxy.org/ https://www.zbigz.com/ https://appsgate.iitr.ac.in/ https://torrentz2.me/ https://vim.rtorr.com/ https://www.jsdelivr.com/ https://www.dell.com/en-us/ https://www.fsfla.org/ikiwiki/ https://engineering.dartmouth.edu/ https://www.joshh.info/ https://www.jio.com/ https://gateoverflow.in https://www.ideacellular.com/ https://youpornbook.com/ https://imgsking.com/ https://www.ubc.ca/ https://glodls.to https://mirror.dkm.cz/ https://ftp.uni-erlangen.de/ https://mirrors.evowise.com/ https://www.bsdnow.tv/ https://mymemory.translated.net/ https://www.notebookcheck.net/ https://droid-break.info/ https://www.dogfoodadvisor.com/ https://www.iiserkol.ac.in/ https://security.blogoverflow.com/ https://cryptopals.com/

[terrorist96]

@sixpointzero Added all except Deviant Art (it's already on the list). Thanks!

[ghost]

Here's more!

https://www.drmorepen.com/ https://www.univ-orleans.fr/ https://krebsonsecurity.com/ https://spankbang.com https://mcabber.com/ https://www.infosecurityeurope.com/ https://shmoocon.org/ https://www.petmd.com/ https://bittorrentstart.com https://krebsonsecurity.com/ https://uni.edu/ https://www.libressl.org/ https://www.racket-lang.org/ https://www.call-cc.org/ https://wesbos.com/ https://wcupa.edu/ https://www.bitmatica.com/ https://jaredforsyth.com/ https://mailaender.coffee/ https://jpope.org/ https://surlyjake.com/ https://www.nola.com/ https://drexel.edu/ https://danluu.com/ https://www.lighttpd.net/ https://rybczak.net/ https://www.musl-libc.org/ https://grapevine.is/ https://www.replicant.us/ https://plasticboy.com/ https://developers.redhat.com/ https://taoofmac.com/space https://tabtimes.com/ https://www.dadamailproject.com/ https://ashishb.net/ https://astrachat.com/ https://cybione.org/ https://mcabber.com/ https://poez.io/en/ https://qutim.org/ https://swift.im/ https://tothestars.io/ https://www.instructables.com/ https://uazu.net/ https://www.houzz.com/ https://www.philips.co.in

[rugk]

@sixpointzero Please create PRs for these. Just posting a list of websites here, does not help anyone.

[terrorist96]

@sixpointzero Thanks. I added all to the list except krebsonsecurity and mcabber (was on your list twice).

[mgol]

Ad. Ars Technica - I think the whole site should work with HTTPS now, certainly articles: #7585

[Foorack]

I feel this list has gone out of control. Since it was created over a year ago it has really become a never-ending project. However, I am thankful for the people finding these sites and this feels more and more like the problem mentioned in this issue. IMO there should be an better way for users to report websites.

[jeremyn]

These were all reported by @jony0008 in various issues. I'm collecting them here:

https://payex.com https://www.abo.fi https://www.momondo.com https://bongacams.com https://livejasmin.com https://xhamster.com https://ratsit.se https://www.hanken.fi https://opiskelu.jyu.fi https://www.ulapland.fi https://www.uta.fi https://www.uniarts.fi https://www.utu.fi https://www.vr.fi https://www.vikingline.fi https://www.vikingline.se https://www.tallinksilja.fi https://www.tallinksilja.se https://www.ul.se https://sl.se https://www.uppsala.se https://poliisi.fi https://polisen.se https://www.vero.fi

[Foorack]

poliisi.fi already exists

[Foorack]

All wizchan.org domains have invalid certificate chains and will therefore be broken in some browsers. Please remove this domain.

[securingyour]

Please add https://www.thestudentroom.co.uk/

[Foorack]

@securingyour That site has MCB errors.

[dedit]

@Foorack For MCB you can use a rule only on platforms that allow mixed content by adding platform="mixedcontent" attribute to the ruleset element.

[terrorist96]

Please add https://www.thestudentroom.co.uk/

That site already redirects to https so I'm not adding it. Everything else has been added

[terrorist96]

Just went through and the following already redirect to https, so I'm not adding them: polisen.se uppsala.se tallinksilja.se tallinksilja.fi opiskelu.jyu.fi hanken.fi ratsit.se xhamster.com livejasmin.com bongacams.com qutim.org poez.io lighttpd.net mailaender.coffee libressl.org mcabber.com monster.com mirrors.evowise.com

Some others that do redirect automatically, but already have PRs made, I've kept.

Removed replicant.us and joshh.info cuz it gives a privacy error. Removed infosecurityeurope.com cuz it doesn't support https. Removed spankbang.com cuz it breaks images/thumbnails even when allowing mixed content.

[dedit]

@terrorist96 Maybe you tried thestudentroom.co.uk with https, if you try thestudentroom.co.uk as is then it does not redirect to https.

[ghost]

Please add rules to these also: https://www.txxx.com/ https://www.vasttrafik.se/ https://www.alko.fi/ https://hotmovs.com/ https://www.riemurasia.net/ https://www.workinfinland.com/ https://www.posti.fi/ https://upornia.com/ https://sv.nametests.com/ https://www.finnkino.fi/ https://www.nelliportaali.fi/ https://www.vantaa.fi/